Abstract

Algorithms which compute the coarsest simulation preorder are generally designed on Kripke structures. Only afterwards are they extended to labelled transition systems. By doing this, the size of the alphabet appears in general as a multiplicative factor in both time and space complexities. Let $Q$ denote the state space, $\rightarrow$ the transition relation, $\Sigma$ the alphabet and $P_{sim}$ the partition of $Q$ induced by the coarsest simulation equivalence. In this paper, we propose a base algorithm which minimizes, from the first stages of its design, the incidence of the size of the alphabet in both time and space complexities. This base algorithm, inspired by the one of Paige and Tarjan in 1987 for bisimulation and the one of Ranzato and Tapparo in 2010 for simulation, is then derived in three versions. One of them has the best bit space complexity up to now, $O(|P_{sim}|^2 + |{\rightarrow}|.\log|{\rightarrow}|)$, while another one has the best time complexity up to now, $O(|P_{sim}|.|{\rightarrow}|)$. Note the absence of the alphabet in these complexities. A third version happens to be a nice compromise between space and time since it runs in $O(b.|P_{sim}|.|{\rightarrow}|)$ time, with $b$ a branching factor generally far below $|P_{sim}|$, and uses $O(|P_{sim}|^2.\log|P_{sim}| + |{\rightarrow}|.\log|{\rightarrow}|)$ bits.



1 Introduction 



Simulation is a behavioral relation between processes [TJ. It is mainly used to tackle the state-explosion problem that arises in model checking [5] [1] and to speed up the test of inclusion of languages [2]. It can also be used as a sufficient condition for the inclusion of languages when this test is undecidable in general [3]. The paper [5] gives a complete state of the art of the notion.



1.1 Last Ten Years 

Let $T = (Q, \Sigma, \rightarrow)$ be a Labelled Transition System (LTS) with $Q$ its set of states, $\Sigma$ its alphabet and ${\rightarrow} \subseteq Q \times \Sigma \times Q$ its transition relation. A relation $\mathcal{S} \subseteq Q \times Q$ is a simulation over $T$ if for any transition $q_1 \xrightarrow{a} q_1'$ and any state $q_2 \in Q$ such that $(q_1, q_2) \in \mathcal{S}$, there is a transition $q_2 \xrightarrow{a} q_2'$ such that $(q_1', q_2') \in \mathcal{S}$. The simulation $\mathcal{S}$ is a bisimulation if $\mathcal{S}^{-1}$ is also a simulation. Given any preorder (reflexive and transitive relation) $\mathcal{R} \subseteq Q \times Q$, the purpose of this paper is to design efficient algorithms which compute the coarsest simulation over $T$ included in $\mathcal{R}$.

In the context of Kripke structures, which are transition systems where only states are labelled, the most efficient algorithms are GPP, the one of Gentilini, Piazza and Policriti [5] (corrected by van Glabbeek and Ploeger [H]), for the space efficiency, and RT, the one of Ranzato and Tapparo [9], for the time efficiency. These two algorithms either use, for GPP, or extend, for RT, HHK, the one of Henzinger, Henzinger and Kopke [B|.




The starting idea of HHK, see the above figure, is to consider couples $(q', r')$ that do not belong to $\mathcal{R}$ (thus $(q', r')$ belongs to $\overline{\mathcal{R}}$, the complement of $\mathcal{R}$) and to propagate this knowledge backward by refining $\mathcal{R}$. For each state $q'$ a set of states, $\mathrm{Remove}(q')$, is maintained. This set is included in the complement of $\mathrm{pre}(\mathcal{R}(q'))$, the set of states which have at least one outgoing transition leading to a state related to $q'$ by $\mathcal{R}$. In the figure above, to illustrate that a state $r$ belongs to $\mathrm{Remove}(q')$ we depict that there is no state $r''$ reachable from $r$ and such that $(q', r'')$ belongs to $\mathcal{R}$. For a given state $q'$, $\mathrm{Remove}(q')$ is used as follows: for each couple $(q, r) \in \mathrm{pre}(q') \times \mathrm{Remove}(q')$, with $\mathrm{pre}(q')$ the set of states leading, by a transition, to $q'$, if $(q, r)$ belongs to $\mathcal{R}$ then it is removed and $\mathrm{Remove}(q)$ is possibly updated. The couple $(q, r)$ is safely removed from $\mathcal{R}$ because by the definition of $r \in \mathrm{Remove}(q')$ it is impossible that $(q, r)$ belongs to a simulation included in $\mathcal{R}$. The algorithm HHK runs in (remember, for the moment transitions are not labelled) $O(|{\rightarrow}|.|Q|)$ time and uses $O(|Q|^2.\log|Q|)$ bits for all the Remove sets. Note that in order to achieve the announced time complexity the authors use a set of counters which plays the same role as the one introduced by Paige and Tarjan [8] to lower the time complexity for the corresponding bisimulation problem from $O(|{\rightarrow}|.|Q|)$ to $O(|{\rightarrow}|.\log|Q|)$. In HHK the set of counters enables to lower the time complexity for the simulation problem from $O(|{\rightarrow}|.|Q|^2)$ to $O(|{\rightarrow}|.|Q|)$.

If one extends HHK to LTS, where transitions are labelled, there is a necessity to maintain a Remove set for each couple state-letter $(q', a)$ because, now, $\mathrm{Remove}_a(q')$ is included in the complement of $\mathrm{pre}_a(\mathcal{R}(q'))$ and pre needs to depend on the letters labelling the transitions. Then, any natural extension of HHK to LTS uses $O(|\Sigma|.|Q|^2.\log|Q|)$ bits for all the Remove's.

Let us come back to Kripke structures. The main difference between HHK on one hand and GPP and RT on the other hand is that the last two do not encode the current relation $\mathcal{R}$ by a binary matrix of size $|Q|^2$ but by a partition-relation pair: a couple $(P, R)$ with $R$ a binary matrix of size $|P|^2$ and $P$ the partition of $Q$ issued from the equivalence relation $\mathcal{R} \cap \mathcal{R}^{-1}$. The difficulty of the proofs and the abstract interpretation framework put aside, RT is thus a direct reformulation of HHK but with partition-relation pairs instead of mere relations between states. Note that in order to have sound refinements of the relation $R$, blocks of $P$ may first be split at each main iteration of the algorithm. The algorithm RT maintains for each block $B \in P$ a set $\mathrm{Remove}(B)$ included in the complement of $\mathrm{pre}(\mathcal{R}(B))$, the set of states which have at least one outgoing transition leading to the set of states related to $B$ by $\mathcal{R}$. The algorithm runs in $O(|P_{sim}|.|{\rightarrow}|)$ time and uses $O(|P_{sim}|.|Q|.\log|Q|)$ bits for all the Remove's, with $P_{sim}$ the partition associated to the coarsest simulation relation included in the initial preorder $\mathcal{R}_{init}$. In [I], Crafa and the authors of RT reduced this space complexity to $O(|P_{sim}|.|P_{sp}|.\log|P_{sp}|)$ with $P_{sp}$ a partition whose size is between those of $P_{sim}$ and $P_{bis}$, the partition associated to the coarsest bisimulation included in $\mathcal{R}_{init} \cap \mathcal{R}_{init}^{-1}$. The goal, which has not been achieved, was a bit space complexity of $O(|P_{sim}|^2.\log|P_{sim}|)$. The bit space complexity of [I] is achieved at the cost of an increase of the time complexity comparable with $O(|P_{sim}|^2.|{\rightarrow}|)$. The algorithm GPP uses a partition-relation pair $(P, R)$ too. It also proceeds by iterative steps of one split of $P$ and one refinement of $R$. A split step is done in a more global way than in RT, then a refinement step uses HHK on an abstract structure whose states are blocks of $P$. A refinement step is thus done in $O(|P_{sim}|.|{\rightarrow}|)$ time (remember, here states are blocks of $P$). As they prove it, there are at most $|P_{sim}|$ refinement steps. The entire algorithm is thus done in $O(|P_{sim}|^2.|{\rightarrow}|)$ time. Since states are blocks in this use of HHK, the encoding of all the Remove's uses $O(|P_{sim}|^2.\log|P_{sim}|)$ bits, which has not been taken into account in the announced bit space complexity of GPP: $O(|P_{sim}|^2 + |Q|.\log|P_{sim}|)$.

The paper [T] provides an adaptation for LTS of RT. It is also a very useful translation of RT from the context of abstract interpretation to a more classical algorithmic view on simulations. The algorithm of [1] runs in $O(|\Sigma|.|P_{sim}|.|Q| + |P_{sim}|.|{\rightarrow}|)$ time and uses $O(|\Sigma|.|P_{sim}|.|Q|.\log|Q|)$ bit space.

1.2 Our Contributions 

We have mainly focused our attention on the $|\Sigma|$ factor which is present in both time and space complexities of the simulation algorithm in pQ. The major step was to realize that if the $\mathrm{Remove}_a(B)$ set associated with a block $B \in P$ needs to depend on a letter, a set of blocks not related to $R(B) = \{C \in P \mid (B, C) \in R\}$ does not depend on any letter. Therefore, instead of maintaining $\mathrm{Remove}_a(B)$ we maintain $\mathrm{NotRel}(B)$, a set of blocks included in the complement of $R(B)$, and we compute $\mathrm{Remove}_a(B)$ only when we need it. Therefore, we do not have to store it. The great by-product of doing this is that, for each block, we now maintain a set of blocks, encoded with $O(|P_{sim}|.\log|P_{sim}|)$ bits, and not a set of states encoded with $O(|Q|.\log|Q|)$ bits. Thus, we also achieve the main goal of ®.

In the next two sections we state the preliminaries and clarify our views regarding the underlying theory. Then, we propose our base algorithm. In the section which follows we derive this base algorithm in several versions. The first one runs in $O(\min(|P_{sim}|, b).|P_{sim}|.|{\rightarrow}|)$ time, with $b$ a branching factor of the underlying LTS, defined in Section 5.3, and uses $O(|P_{sim}|^2.\log|P_{sim}| + |{\rightarrow}|.\log|{\rightarrow}|)$ bit space. By adding a set of counters, like in [21 Q], we obtain a second version of the algorithm that runs in $O(|P_{sim}|.|{\rightarrow}|)$ time and uses $O(|P_{sim}|.|\mathrm{sl}(\rightarrow)|.\log|Q| + |{\rightarrow}|.\log|{\rightarrow}|)$ bit space, with (in common cases): $|P_{sim}| \le |Q| \le |\mathrm{sl}(\rightarrow)| \le |{\rightarrow}| \le |\Sigma \times Q|$. The added space is used to store the counters and is the price to pay to obtain the best time complexity. This version of the algorithm becomes the best one, for LTS, regarding time efficiency. We then explain why GPP does not have a bit space complexity of $O(|P_{sim}|^2 + |Q|.\log|P_{sim}|)$ but at least of $O(|P_{sim}|^2.\log|P_{sim}| + |Q|.\log \ldots)$. Then, we propose the third version of our base algorithm. It runs in $O(|P_{sim}|^2.|{\rightarrow}|)$ time and uses $O(|P_{sim}|^2 + |{\rightarrow}|.\log|{\rightarrow}|)$ bits. It is the best one regarding space complexity. Then, we detail the data structures that we use. We end the paper by some perspectives including a future work on bisimulation.

2 Preliminaries 

Let $Q$ be a set of elements. The number of elements of $Q$ is denoted $|Q|$. A binary relation on $Q$ is a subset of $Q \times Q$. In the remainder of this paper, we consider only binary relations, therefore when we write "relation" read "binary relation". Let $\mathcal{R}$ be a relation on $Q$. For all $q, q' \in Q$, we may write $q \mathcal{R} q'$, or $q \overset{\mathcal{R}}{\dashrightarrow} q'$ in the figures, when $(q, q') \in \mathcal{R}$. We define $\mathcal{R}(q) = \{q' \in Q \mid q \mathcal{R} q'\}$ for $q \in Q$ and $\mathcal{R}(X) = \cup_{q \in X} \mathcal{R}(q)$ for $X \subseteq Q$. In the figures, we note $X \overset{\mathcal{R}}{\dashrightarrow} Y$ when there is $(q, q') \in X \times Y$ with $q \mathcal{R} q'$. The domain of $\mathcal{R}$ is $\mathrm{dom}(\mathcal{R}) = \{q \in Q \mid \mathcal{R}(q) \neq \emptyset\}$. The complement of $\mathcal{R}$ is $\overline{\mathcal{R}} = \{(x, y) \in Q \times Q \mid (x, y) \notin \mathcal{R}\}$. Let $\mathcal{S}$ be another relation on $Q$, the composition of $\mathcal{R}$ by $\mathcal{S}$ is $\mathcal{S} \circ \mathcal{R} = \{(x, y) \in Q \times Q \mid y \in \mathcal{S}(\mathcal{R}(x))\}$. The relation $\mathcal{R}$ is said reflexive if for all $q \in Q$, we have $q \mathcal{R} q$. The relation $\mathcal{R}$ is said reflexive on its domain if for all $q \in \mathrm{dom}(\mathcal{R})$, we have $q \mathcal{R} q$. The relation $\mathcal{R}$ is said antisymmetric if $q \mathcal{R} q'$ and $q' \mathcal{R} q$ implies $q = q'$. The relation $\mathcal{R}$ is said transitive if $\mathcal{R} \circ \mathcal{R} \subseteq \mathcal{R}$.

A preorder is a reflexive and transitive relation. Let $X$ be a set of subsets of $Q$, we note $\cup X = \cup_{B \in X} B$. A partition of $Q$ is a set of non empty subsets of $Q$, called blocks, that are pairwise disjoint and whose union gives $Q$. A partition-relation pair over $Q$ is a pair $(P, R)$ such that $P$ is a partition of $Q$ and $R$ is a reflexive relation on $P$. A partition-relation pair $(P, R)$ is said antisymmetric if its relation $R$ is antisymmetric. From a partition-relation pair $(P, R)$ over $Q$ we derive a relation $\mathcal{R}_{(P,R)}$ on $Q$ such that: $\mathcal{R}_{(P,R)} = \cup_{(B,C) \in R} B \times C$.

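Definition 1. Let $\mathcal{R}$ be a relation on a set $Q$ such that $\mathcal{R}$ is reflexive on its domain.

• For $q \in Q$, we define $[q]_{\mathcal{R}} = \{q' \in Q \mid q \mathcal{R} q' \wedge q' \mathcal{R} q\}$, for $X \subseteq Q$, we define $[X]_{\mathcal{R}} = \cup_{q \in X} [q]_{\mathcal{R}}$.

• A block of $\mathcal{R}$ is a non empty set of states $B$ such that $B = [q]_{\mathcal{R}}$ for a $q \in Q$.

• $\mathcal{R}$ is said block-definable, or definable by blocks if: $\forall q, q' \in Q\ .\ (q, q') \in \mathcal{R} \Rightarrow [q]_{\mathcal{R}} \times [q']_{\mathcal{R}} \subseteq \mathcal{R}$.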

Let us remark that a preorder is reflexive and definable by blocks. The notion of 
definability by blocks will be useful since intermediate relations of our algorithms will be 
block-definable, but not necessarily preorders, even if we start from a preorder and finish 
with a preorder too. 

Remark. Let $(P, R)$ be an antisymmetric partition-relation pair over a set $Q$. Then:

$P = \{[q]_{\mathcal{R}_{(P,R)}} \subseteq Q \mid q \in Q\}$ and $R = \{([q]_{\mathcal{R}_{(P,R)}}, [q']_{\mathcal{R}_{(P,R)}}) \in P \times P \mid q \mathcal{R}_{(P,R)} q'\}$.

From a reflexive and block-definable relation $\mathcal{R}$ we derive an antisymmetric partition-relation pair $(P_{\mathcal{R}}, R_{\mathcal{R}})$ such that $P_{\mathcal{R}} = \{[q]_{\mathcal{R}} \subseteq Q \mid q \in Q\}$ and $R_{\mathcal{R}} = \{([q]_{\mathcal{R}}, [q']_{\mathcal{R}}) \in P_{\mathcal{R}} \times P_{\mathcal{R}} \mid q \mathcal{R} q'\}$.

Remark. Let $\mathcal{R}$ be a reflexive and block-definable relation on $Q$. Then $\mathcal{R} = \cup_{(B,C) \in R_{\mathcal{R}}} B \times C$.

The two preceding remarks imply a duality between reflexive and block-definable relations, and antisymmetric partition-relation pairs. However, the notion of block-definable relation is somehow more general in the sense that we require its reflexivity on its domain, not necessarily on the whole state space $Q$.

Let $T = (Q, \Sigma, \rightarrow)$ be a triple such that $Q$ is a finite set of elements called states, $\Sigma$ is an alphabet, a finite set of elements called letters or labels, and ${\rightarrow} \subseteq Q \times \Sigma \times Q$ is a transition relation or set of transitions. Then, $T$ is called a Labelled Transition System (LTS). From $T$, given a letter $a \in \Sigma$, we define the two following relations: $\xrightarrow{a} = \{(q, q') \mid (q, a, q') \in {\rightarrow}\}$ and its reverse $\mathrm{pre}_{\xrightarrow{a}} = \{(q', q) \mid (q, a, q') \in {\rightarrow}\}$. When $\rightarrow$ is clear from the context, we simply note $\mathrm{pre}_a$ instead of $\mathrm{pre}_{\xrightarrow{a}}$. For $X, Y \subseteq Q$, we note $X \xrightarrow{a} Y$ to express that $X \cap \mathrm{pre}_a(Y) \neq \emptyset$. By abuse of notation, we also note $q \xrightarrow{a} Y$ for $\{q\} \xrightarrow{a} Y$. In the complexity analysis of the algorithms proposed in this paper, a new notion has emerged, that of state-letter. From $T$ we define the set of state-letters $\mathrm{sl}(\rightarrow) = \{(q, a) \in Q \times \Sigma \mid \exists q' \in Q\ .\ q \xrightarrow{a} q' \in {\rightarrow}\}$. For $(q, a) \in \mathrm{sl}(\rightarrow)$, we simply note $q_a$ instead of $(q, a)$. If $T$ is "normalized" (see first paragraph of Section 5) we have:

$$|Q| \le |\mathrm{sl}(\rightarrow)| \le |{\rightarrow}| \le |\Sigma \times Q| \qquad (1)$$

It is therefore more interesting to use $\mathrm{sl}(\rightarrow)$ instead of $\Sigma \times Q$.

The following definition of a simulation happens to be more effective than the classical one given in the introduction.

Definition 2. Let $T = (Q, \Sigma, \rightarrow)$ be a LTS and $\mathcal{S}$ be a relation on $Q$. The relation $\mathcal{S}$ is a simulation over $T$ if: $\forall a \in \Sigma\ .\ \mathcal{S} \circ \mathrm{pre}_a \subseteq \mathrm{pre}_a \circ \mathcal{S}$. For two states $q, q' \in Q$, we say "$q'$ simulates $q$" if there is a simulation $\mathcal{S}$ over $Q$ such that $q \mathcal{S} q'$.



3 Underlying Theory 

The first consequence of the definition of a simulation over a LTS $T = (Q, \Sigma, \rightarrow)$ is that states which have an outgoing transition labelled by a letter $a$ can be simulated only by states which have at least one outgoing transition labelled by $a$. The next definition and lemma establish that we can restrict our problem of finding the coarsest simulation inside a preorder to the search of the coarsest simulation inside a preorder $\mathcal{R}$ that satisfies:

$$\forall a \in \Sigma\ .\ \mathcal{R}(\mathrm{pre}_a(Q)) \subseteq \mathrm{pre}_a(Q) \qquad (2)$$

Definition 3. Let $T = (Q, \Sigma, \rightarrow)$ be a LTS and $\mathcal{R}$ be a preorder on $Q$. We define $\mathrm{InitRefine}(\mathcal{R}) \subseteq \mathcal{R}$ such that:

$$(q, q') \in \mathrm{InitRefine}(\mathcal{R}) \Leftrightarrow (q, q') \in \mathcal{R} \wedge \forall a \in \Sigma\ (q \in \mathrm{pre}_a(Q) \Rightarrow q' \in \mathrm{pre}_a(Q)).$$

Lemma 4. Let $T = (Q, \Sigma, \rightarrow)$ be a LTS and $\mathcal{U} = \mathrm{InitRefine}(\mathcal{R})$ with $\mathcal{R}$ a preorder on $Q$. Then:

1. $\mathcal{U}$ is a preorder,
2. for all simulation $\mathcal{S}$ over $T$: $\mathcal{S} \subseteq \mathcal{R} \Rightarrow \mathcal{S} \subseteq \mathcal{U}$,
3. $\forall X \subseteq Q\ \forall a \in \Sigma\ .\ \mathcal{U}(\mathrm{pre}_a(X)) \subseteq \mathrm{pre}_a(Q)$.
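Proof.

1. Since $\mathcal{R}$ is a preorder and thus reflexive, $\mathcal{U}$ is also trivially reflexive. Now, let us suppose $\mathcal{U}$ is not transitive. There are three states $q_1, q_2, q_3 \in Q$ such that: $q_1 \mathcal{U} q_2 \wedge q_2 \mathcal{U} q_3 \wedge \neg\, q_1 \mathcal{U} q_3$. From the fact that $\mathcal{U} \subseteq \mathcal{R}$ and $\mathcal{R}$ is a preorder, we get $q_1 \mathcal{R} q_3$. With $\neg\, q_1 \mathcal{U} q_3$ and the definition of $\mathcal{U}$ there is $a \in \Sigma$ such that: $q_1 \in \mathrm{pre}_a(Q)$ and $q_3 \notin \mathrm{pre}_a(Q)$. But $q_1 \in \mathrm{pre}_a(Q)$ and $q_1 \mathcal{U} q_2$ implies $q_2 \in \mathrm{pre}_a(Q)$. With $q_2 \mathcal{U} q_3$ we also get $q_3 \in \mathrm{pre}_a(Q)$ which contradicts $q_3 \notin \mathrm{pre}_a(Q)$.

2. If this is not true there are two states $q_1, q_2 \in Q$ such that: $q_1 \mathcal{S} q_2 \wedge \neg\, q_1 \mathcal{U} q_2$. From $\mathcal{S} \subseteq \mathcal{R}$ we get $q_1 \mathcal{R} q_2$. With $\neg\, q_1 \mathcal{U} q_2$ and the definition of $\mathcal{U}$ there is $a \in \Sigma$ such that $q_2 \notin \mathrm{pre}_a(Q)$ and $q_1 \in \mathrm{pre}_a(Q)$. With $q_1 \mathcal{S} q_2$ we get $q_2 \in \mathcal{S} \circ \mathrm{pre}_a(Q)$. With the hypothesis that $\mathcal{S}$ is a simulation, we get $q_2 \in \mathrm{pre}_a \circ \mathcal{S}(Q)$ and thus $q_2 \in \mathrm{pre}_a(Q)$, since $\mathcal{S}(Q) \subseteq Q$, which contradicts $q_2 \notin \mathrm{pre}_a(Q)$.

3. This is a direct consequence of the definition of $\mathcal{U}$.

□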
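Added example (not code from the paper): a state-level Python reference computation of the coarsest simulation included in a preorder, applying InitRefine from Definition 3 and then pruning with per-letter Remove sets as in the HHK extension discussed in the introduction. It is the naive variant without blocks or counters; the sample LTS and all function names are constructed for illustration.

```python
"""Coarsest simulation inside a preorder on a small LTS (added example)."""

# Constructed sample LTS: p0 behaves like a.(b + c), q0 like a.b + a.c.
STATES = {"p0", "p1", "p3", "p4", "q0", "q1", "q2", "q3", "q4"}
SIGMA = {"a", "b", "c"}
TRANS = {
    ("p0", "a", "p1"), ("p1", "b", "p3"), ("p1", "c", "p4"),
    ("q0", "a", "q1"), ("q0", "a", "q2"),
    ("q1", "b", "q3"), ("q2", "c", "q4"),
}


def pre(trans, a, targets):
    """pre_a(X): states with at least one a-labelled transition into X."""
    return {q for (q, b, q2) in trans if b == a and q2 in targets}


def init_refine(states, sigma, trans, rel):
    """Definition 3: keep (q, q') only if q in pre_a(Q) implies q' in pre_a(Q)."""
    enabled = {a: pre(trans, a, states) for a in sigma}
    return {
        (q, r) for (q, r) in rel
        if all(q not in enabled[a] or r in enabled[a] for a in sigma)
    }


def coarsest_simulation(states, sigma, trans, rel):
    """Largest simulation included in the preorder `rel` (naive fixpoint)."""
    u = init_refine(states, sigma, trans, rel)
    enabled = {a: pre(trans, a, states) for a in sigma}
    changed = True
    while changed:
        changed = False
        for a in sigma:
            for target in states:
                preds = pre(trans, a, {target})
                if not preds:
                    continue
                image = {r for (q, r) in u if q == target}   # U(q')
                # Remove_a(q'): a-enabled states with no a-move into U(q').
                remove = enabled[a] - pre(trans, a, image)
                bad = {(q, r) for q in preds for r in remove} & u
                if bad:
                    u -= bad
                    changed = True
    return u


def is_simulation(trans, rel):
    """Definition 2, checked pointwise: S o pre_a included in pre_a o S."""
    for (q, a, q2) in trans:
        image = {s for (y, s) in rel if y == q2}
        ok = pre(trans, a, image)
        if any(x == q and r not in ok for (x, r) in rel):
            return False
    return True


def blocks(states, rel):
    """Partition induced by the equivalence obtained from rel and its inverse."""
    return {frozenset(r for r in states if (q, r) in rel and (r, q) in rel)
            for q in states}


def demo():
    total = {(q, r) for q in STATES for r in STATES}   # initial preorder Q x Q
    sim = coarsest_simulation(STATES, SIGMA, TRANS, total)
    return sim, blocks(STATES, sim)


if __name__ == "__main__":
    sim, part = demo()
    print("q0 simulated by p0:", ("q0", "p0") in sim)
    print("p0 simulated by q0:", ("p0", "q0") in sim)
    print("blocks:", sorted(sorted(b) for b in part))
```

On this input the only pair deleted after InitRefine is (p0, q0): p0 simulates q0 but not the converse, and the four deadlocked states collapse into a single block.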

The main idea to obtain efficient algorithms is to consider relations between blocks of 
states and not merely relations between states. Therefore, we need a characterization of 
the notion of simulation expressed over blocks. 

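Proposition 5. Let $T = (Q, \Sigma, \rightarrow)$ be a LTS and $\mathcal{S}$ be a reflexive and block-definable relation on $Q$. The relation $\mathcal{S}$ is a simulation over $T$ if and only if:

$$\forall a \in \Sigma\ \forall q \in Q\ .\ \mathcal{S} \circ \mathrm{pre}_a([q]_{\mathcal{S}}) \subseteq \mathrm{pre}_a \circ \mathcal{S}([q]_{\mathcal{S}}).$$

Proof. If $\mathcal{S}$ is a simulation then, by definition, we have for any $X \subseteq Q$: $\forall a \in \Sigma\ .\ \mathcal{S} \circ \mathrm{pre}_a(X) \subseteq \mathrm{pre}_a \circ \mathcal{S}(X)$. This inclusion is thus also true for $X = [q]_{\mathcal{S}}$. In the other direction, if $\mathcal{S}$ is reflexive and block-definable then for any $q \in Q$ we get: $q \in [q]_{\mathcal{S}}$ and $\mathcal{S}(q) = \mathcal{S}([q]_{\mathcal{S}})$. We thus have:

$$\mathcal{S} \circ \mathrm{pre}_a(q) \subseteq \mathcal{S} \circ \mathrm{pre}_a([q]_{\mathcal{S}}) \subseteq \mathrm{pre}_a \circ \mathcal{S}([q]_{\mathcal{S}}) = \mathrm{pre}_a \circ \mathcal{S}(q)$$

which ends the proof. □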

Now, suppose we have a reflexive and block-definable relation $\mathcal{R}$ and we want to remove from $\mathcal{R}$ all couples $(q, r)$ not belonging to a simulation included in $\mathcal{R}$. If $\mathcal{R}$ is not already a simulation, from the last proposition, there are a letter $a$ and a block $B$ of $\mathcal{R}$ such that $\mathcal{R} \circ \mathrm{pre}_a(B) \not\subseteq \mathrm{pre}_a \circ \mathcal{R}(B)$. But we can assume that $\mathcal{R}$ satisfies (2). With $Q = \mathcal{R}(B) \cup \overline{\mathcal{R}}(B)$ we get: $\mathcal{R} \circ \mathrm{pre}_a(B) \subseteq \mathrm{pre}_a(\mathcal{R}(B) \cup \overline{\mathcal{R}}(B))$. This implies the existence of a non empty set $\mathrm{Remove} = \mathrm{pre}_a(\overline{\mathcal{R}}(B)) \setminus \mathrm{pre}_a(\mathcal{R}(B))$. Let $r \in \mathrm{Remove}$ and $q \in \mathrm{pre}_a(B)$. If $(q, r) \in \mathcal{R}$ we can safely remove $(q, r)$ from $\mathcal{R}$. Why? Because, if we had $(q, r) \in \mathcal{S}$ with $\mathcal{S} \subseteq \mathcal{R}$ a simulation, with $q \in \mathrm{pre}_a(B)$, there would be $q' \in B$ such that $q \in \mathrm{pre}_a(q')$ and thus $r \in \mathcal{S} \circ \mathrm{pre}_a(q')$. But $\mathcal{S}$ being a simulation, this implies $r \in \mathrm{pre}_a \circ \mathcal{S}(q')$ and thus $r \in \mathrm{pre}_a \circ \mathcal{R}(B)$ since $\mathcal{S} \subseteq \mathcal{R}$ and $q' \in B$. This contradicts $r \in \mathrm{Remove}$. To sum up, we can safely remove $(q, r)$ from $\mathcal{R}$. But can we safely remove $C \times D$ from $\mathcal{R}$ with $C$ the block of $\mathcal{R}$ containing $q$ and $D$ the block of $\mathcal{R}$ containing $r$? In general, the answer is no. However, the remainder of this section gives, and justifies, sufficient conditions to do so. We begin by the key definition of the paper.

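Definition 6. Let $T = (Q, \Sigma, \rightarrow)$ be a LTS and $\mathcal{R}$ be a reflexive and block-definable relation on $Q$. A refiner of $\mathcal{R}$ is a triple $(B, \mathcal{R}_1, \mathcal{R}_2)$ with $\mathcal{R}_1$ and $\mathcal{R}_2$ two relations on $Q$ such that $\mathcal{R}_1$ is block-definable, $B$ is a block of $\mathcal{R}_1$, $\mathcal{R}(B) \subseteq \mathcal{R}_1(B)$ and

$$\forall a \in \Sigma\ .\ [\mathrm{pre}_a(\mathcal{R}_1(B) \cup \mathcal{R}_2(B))]_{\mathcal{R}} \cup \mathcal{R}(\mathrm{pre}_a(B)) \subseteq \mathrm{pre}_a(\mathcal{R}_1(B) \cup \mathcal{R}_2(B))$$

Let us fix the intuition for the reader. For the above discussion, we take $\mathcal{R}_1 = \mathcal{R}$ and $\mathcal{R}_2 = \overline{\mathcal{R}}$ which allows us to satisfy (under the assumption (2)) all the conditions of the definition of a refiner. However, if we use $\mathcal{R}_1$ and $\mathcal{R}_2$ like that, we will obtain algorithms whose time complexity is $O(|P_{sim}|^2.|{\rightarrow}|)$ for Kripke structures. To obtain algorithms in $O(|P_{sim}|.|{\rightarrow}|)$ time, still for Kripke structures, we have to consider in $\overline{\mathcal{R}}(B)$ only what is needed and thus to keep $\mathcal{R}_2$ smaller than $\overline{\mathcal{R}}$. The presence of the relation $\mathcal{R}_1$ is due to the management of the different letters of the alphabet for LTS. Note first that constraining, for all the letters in the alphabet, the last condition of the definition of a refiner has made it independent of a particular letter. During a main iteration of the algorithm, we consider a relevant refiner. At this stage $\mathcal{R}_1 = \mathcal{R}$. Gradually, as we consider the letters involved in the transitions leading to $\mathcal{R}_2(B)$, $\mathcal{R}$ is refined and thus $\mathcal{R}(B)$ stays included in $\mathcal{R}_1(B)$ but may become smaller than $\mathcal{R}_1(B)$.

The first inclusion of the last condition of a refiner, $[\mathrm{pre}_a(\mathcal{R}_1(B) \cup \mathcal{R}_2(B))]_{\mathcal{R}} \subseteq \mathrm{pre}_a(\mathcal{R}_1(B) \cup \mathcal{R}_2(B))$, authorizes to split the blocks of $P$ either with $\mathrm{pre}_a(\mathcal{R}_1(B))$ or with $\mathrm{Remove}_{a,ref} = \mathrm{pre}_a(\mathcal{R}_2(B)) \setminus \mathrm{pre}_a(\mathcal{R}_1(B))$ like in the next definition. The former induces algorithms that run in $O(|P_{sim}|^2.|{\rightarrow}|)$ time. The latter authorizes a run in $O(|P_{sim}|.|{\rightarrow}|)$ time. Let $\mathcal{R}'$ be the relation issued from the split. The second inclusion of the last condition of a refiner, $\mathcal{R}(\mathrm{pre}_a(B)) \subseteq \mathrm{pre}_a(\mathcal{R}_1(B) \cup \mathcal{R}_2(B))$, enables to soundly refine $\mathcal{R}'$ by $[\mathrm{pre}_a(B)]_{\mathcal{R}'} \times [\mathrm{Remove}_{a,ref}]_{\mathcal{R}'}$. The remainder of the section formalizes this approach.

Definition 7. Let $T = (Q, \Sigma, \rightarrow)$ be a LTS, $\mathcal{R}$ be a reflexive and block-definable relation on $Q$, $ref = (B, \mathcal{R}_1, \mathcal{R}_2)$ be a refiner of $\mathcal{R}$ and $a \in \Sigma$ be a letter. We define:

$$\mathrm{Remove}_{a,ref} = \mathrm{pre}_a(\mathcal{R}_2(B)) \setminus \mathrm{pre}_a(\mathcal{R}_1(B))$$

$$\mathrm{SplitDelete}_{a,ref}(\mathcal{R}) = \bigcup_{q \in \mathrm{Remove}_{a,ref}} ([q]_{\mathcal{R}} \setminus \mathrm{Remove}_{a,ref}) \times ([q]_{\mathcal{R}} \cap \mathrm{Remove}_{a,ref})$$

$$\mathrm{SplitRefine}_{a,ref}(\mathcal{R}) = \mathcal{R} \setminus \mathrm{SplitDelete}_{a,ref}(\mathcal{R})$$

$$\mathrm{Delete}_{a,ref}(\mathcal{R}) = [\mathrm{pre}_a(B)]_{\mathrm{SplitRefine}_{a,ref}(\mathcal{R})} \times [\mathrm{Remove}_{a,ref}]_{\mathrm{SplitRefine}_{a,ref}(\mathcal{R})}$$

$$\mathrm{Refine}_{a,ref}(\mathcal{R}) = \mathrm{SplitRefine}_{a,ref}(\mathcal{R}) \setminus \mathrm{Delete}_{a,ref}(\mathcal{R})$$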
We should now prove that if a simulation $\mathcal{S}$ is included in $\mathcal{R}$ it is still included in $\mathrm{Refine}_{a,ref}(\mathcal{R})$. Unfortunately, we do not know how to do that. However, if, instead of simply asking $\mathcal{S}$ to be included in $\mathcal{R}$ we ask $\mathcal{R}$ to be $\mathcal{S}$-stable (see next definition), everything works nicely.

Definition 8. Let $\mathcal{R}$ and $\mathcal{S}$ be two relations on $Q$. The relation $\mathcal{R}$ is said $\mathcal{S}$-stable if

Obviously, if a reflexive relation $\mathcal{R}$ is $\mathcal{S}$-stable then $\mathcal{S}$ is included in $\mathcal{R}$. Intuitively, the $\mathcal{S}$-stability of $\mathcal{R}$ is required by the fact that $\mathcal{R}$ is no longer supposed to be a preorder but since it contains a transitive simulation (as we will see, the coarsest simulation included in a preorder is a preorder and thus transitive) it should be transitive "with" that simulation.

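Theorem 9. Let $T = (Q, \Sigma, \rightarrow)$ be a LTS, $\mathcal{R}$ be a reflexive and block-definable relation on $Q$, $\mathcal{S}$ be a simulation over $T$, $a \in \Sigma$ be a letter and $ref = (B, \mathcal{R}_1, \mathcal{R}_2)$ be a refiner of $\mathcal{R}$ such that $\mathcal{R}$ and $\mathcal{R}_1$ are $\mathcal{S}$-stable. Let $\mathcal{U} = \mathrm{Refine}_{a,ref}(\mathcal{R})$. Then, $\mathcal{U}$ is a reflexive, block-definable and $\mathcal{S}$-stable relation. Furthermore, we have: $[\mathrm{pre}_a(\mathcal{R}_1(B))]_{\mathcal{U}} \cup \mathcal{U}(\mathrm{pre}_a(B)) \subseteq \mathrm{pre}_a(\mathcal{R}_1(B))$.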

For the proof, we first need a lemma. 

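Lemma 10. Let $T = (Q, \Sigma, \rightarrow)$ be a LTS and $\mathcal{R}$ and $\mathcal{S}$ be two relations on $Q$ such that $\mathcal{S}$ is a simulation over $T$ and $\mathcal{R}$ is $\mathcal{S}$-stable. Then:

$$\mathcal{S} \circ \mathrm{pre}_a \circ \mathcal{R} \subseteq \mathrm{pre}_a \circ \mathcal{R}$$

Said otherwise, $\mathrm{pre}_a \circ \mathcal{R}$ is $\mathcal{S}$-stable.

Proof. Since $\mathcal{S}$ is a simulation, we have $\mathcal{S} \circ \mathrm{pre}_a \subseteq \mathrm{pre}_a \circ \mathcal{S}$ and thus: 1) $\mathcal{S} \circ \mathrm{pre}_a \circ \mathcal{R} \subseteq \mathrm{pre}_a \circ \mathcal{S} \circ \mathcal{R}$. With the hypothesis that $\mathcal{R}$ is $\mathcal{S}$-stable, we get: 2) $\mathrm{pre}_a \circ \mathcal{S} \circ \mathcal{R} \subseteq \mathrm{pre}_a \circ \mathcal{R}$. Inclusions 1) and 2) put together imply the claimed property. □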

Proof of Theorem 9. The fact that $\mathcal{U}$ is reflexive and block-definable is an easy consequence of its definition: from a reflexive and block-definable relation, $\mathcal{R}$, we split some blocks, then we delete some relations between different blocks (after SplitRefine, we have: $[\mathrm{pre}_a(B)]_{\mathrm{SplitRefine}_{a,ref}(\mathcal{R})} \cap [\mathrm{Remove}_{a,ref}]_{\mathrm{SplitRefine}_{a,ref}(\mathcal{R})} = \emptyset$).

For the $\mathcal{S}$-stability of $\mathcal{U}$, let us first remark another direct consequence of the definitions of $\mathrm{Remove}_{a,ref}$ and SplitRefine on $\mathcal{R}$:

$$q \in \mathrm{Remove}_{a,ref} \Rightarrow [q]_{\mathrm{SplitRefine}_{a,ref}(\mathcal{R})} \subseteq \mathrm{Remove}_{a,ref} \qquad (3)$$

If $\mathcal{U}$ is not $\mathcal{S}$-stable, there are three states $q_1, q_2, q_3 \in Q$ such that $q_1 \mathcal{U} q_2 \wedge q_2 \mathcal{S} q_3 \wedge \neg\, q_1 \mathcal{U} q_3$. We need the following property:

$$q_3 \in \mathrm{Remove}_{a,ref} \Rightarrow q_2 \notin \mathrm{pre}_a(\mathcal{R}_1(B)) \qquad (4)$$

Suppose $q_3 \in \mathrm{Remove}_{a,ref}$ and $q_2 \in \mathrm{pre}_a(\mathcal{R}_1(B))$. Since $B$ is a block of $\mathcal{R}_1$ and $\mathcal{R}_1$ is block-definable, for any $q \in B$ we have $q_3 \in \mathcal{S} \circ \mathrm{pre}_a \circ \mathcal{R}_1(q)$. With the hypothesis that $\mathcal{R}_1$ is $\mathcal{S}$-stable, Lemma 10 implies $q_3 \in \mathrm{pre}_a \circ \mathcal{R}_1(q)$ which contradicts $q_3 \in \mathrm{Remove}_{a,ref}$.

Figure 1: $\mathcal{S}$-stability of the refinement

Now, by construction, $\mathcal{U}$ is included in $\mathcal{R}$ and, by hypothesis, $\mathcal{R}$ is $\mathcal{S}$-stable, then from $q_1 \mathcal{U} q_2 \wedge q_2 \mathcal{S} q_3$, and thus $q_1 \mathcal{R} q_2 \wedge q_2 \mathcal{S} q_3$, we get: $q_1 \mathcal{R} q_3$. With $\neg\, q_1 \mathcal{U} q_3$, we necessarily have $(q_1, q_3) \in \mathrm{SplitDelete}_{a,ref}(\mathcal{R})$ or $(q_1, q_3) \in \mathrm{Delete}_{a,ref}(\mathcal{R})$. Let us consider the two cases (also depicted in Figure 1):

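• $(q_1, q_3) \in \mathrm{SplitDelete}_{a,ref}(\mathcal{R})$. This implies the existence of $q \in \mathrm{Remove}_{a,ref}$ such that $q_1, q_3 \in [q]_{\mathcal{R}}$, $q_1 \notin \mathrm{Remove}_{a,ref}$ and $q_3 \in \mathrm{Remove}_{a,ref}$. Since $\mathcal{R}$ is reflexive and $\mathcal{S}$-stable, we have $\mathcal{S} \subseteq \mathcal{R}$. With the fact that, by construction, $\mathcal{U} \subseteq \mathcal{R}$, from $q_1 \mathcal{U} q_2 \wedge q_2 \mathcal{S} q_3$ we get $q_1 \mathcal{R} q_2 \wedge q_2 \mathcal{R} q_3$. With $q_1, q_3 \in [q]_{\mathcal{R}}$ and the fact that $\mathcal{R}$ is block-definable we get: $q_2 \in [q]_{\mathcal{R}}$. With $q \in \mathrm{pre}_a(\mathcal{R}_2(B))$ and the fact that $(B, \mathcal{R}_1, \mathcal{R}_2)$ is a refiner of $\mathcal{R}$ we have, by definition: $q_2 \in \mathrm{pre}_a(\mathcal{R}_1(B) \cup \mathcal{R}_2(B))$. With (4) we necessarily have $q_2 \in \mathrm{pre}_a(\mathcal{R}_2(B)) \setminus \mathrm{pre}_a(\mathcal{R}_1(B)) = \mathrm{Remove}_{a,ref}$. With $q_1 \notin \mathrm{Remove}_{a,ref}$ and $q_1, q_2 \in [q]_{\mathcal{R}}$ this would imply $(q_1, q_2) \in \mathrm{SplitDelete}_{a,ref}(\mathcal{R})$ and would contradict the fact that $q_1 \mathcal{U} q_2$.

• $(q_1, q_3) \in \mathrm{Delete}_{a,ref}(\mathcal{R})$. This implies the existence of $q_1' \in \mathrm{pre}_a(B)$ and $q_3' \in \mathrm{Remove}_{a,ref}$ such that $q_1 \in [q_1']_{\mathrm{SplitRefine}_{a,ref}(\mathcal{R})}$ and $q_3 \in [q_3']_{\mathrm{SplitRefine}_{a,ref}(\mathcal{R})}$. From (3) we get $q_3 \in \mathrm{Remove}_{a,ref}$. From $q_1 \mathcal{R} q_2$, the fact that $\mathcal{R}$ is block-definable and $q_1 \in [q_1']_{\mathrm{SplitRefine}_{a,ref}(\mathcal{R})}$, thus $q_1 \in [q_1']_{\mathcal{R}}$ since $\mathrm{SplitRefine}_{a,ref}(\mathcal{R}) \subseteq \mathcal{R}$, we get $q_1' \mathcal{R} q_2$. With $q_1' \in \mathrm{pre}_a(B)$ we have $q_2 \in \mathcal{R}(\mathrm{pre}_a(B))$. With the fact that $(B, \mathcal{R}_1, \mathcal{R}_2)$ is a refiner of $\mathcal{R}$ we have, by definition, $q_2 \in \mathrm{pre}_a(\mathcal{R}_1(B) \cup \mathcal{R}_2(B))$. With (4) we necessarily have $q_2 \in \mathrm{Remove}_{a,ref}$. With $q_1' \in \mathrm{pre}_a(B)$ and $q_1 \in [q_1']_{\mathrm{SplitRefine}_{a,ref}(\mathcal{R})}$ this implies $(q_1, q_2) \in \mathrm{Delete}_{a,ref}(\mathcal{R})$ and contradicts the fact that $q_1 \mathcal{U} q_2$.

Both cases lead to a contradiction. The relation $\mathcal{U}$ is thus $\mathcal{S}$-stable.
Let us now prove the last property:

• $[\mathrm{pre}_a(\mathcal{R}_1(B))]_{\mathcal{U}} \subseteq \mathrm{pre}_a(\mathcal{R}_1(B))$. Let $q \in [\mathrm{pre}_a(\mathcal{R}_1(B))]_{\mathcal{U}}$. There is $q' \in \mathrm{pre}_a(\mathcal{R}_1(B))$ such that $q \in [q']_{\mathcal{U}}$. Since $\mathcal{U} \subseteq \mathcal{R}$ and $(B, \mathcal{R}_1, \mathcal{R}_2)$ is a refiner of $\mathcal{R}$ then $q \in \mathrm{pre}_a(\mathcal{R}_1(B) \cup \mathcal{R}_2(B))$. If $q \notin \mathrm{pre}_a(\mathcal{R}_1(B))$ then $q \in \mathrm{Remove}_{a,ref}$, which implies $(q', q) \in \mathrm{SplitDelete}_{a,ref}(\mathcal{R})$ and contradicts $q' \mathcal{U} q$.

• $\mathcal{U}(\mathrm{pre}_a(B)) \subseteq \mathrm{pre}_a(\mathcal{R}_1(B))$. Let $q \in \mathcal{U}(\mathrm{pre}_a(B))$. There is $q' \in \mathrm{pre}_a(B)$ such that $q' \mathcal{U} q$. Since $\mathcal{U} \subseteq \mathcal{R}$ and $(B, \mathcal{R}_1, \mathcal{R}_2)$ is a refiner of $\mathcal{R}$ then $q \in \mathrm{pre}_a(\mathcal{R}_1(B) \cup \mathcal{R}_2(B))$. If $q \notin \mathrm{pre}_a(\mathcal{R}_1(B))$ then $q \in \mathrm{Remove}_{a,ref}$, which implies $(q', q) \in \mathrm{Delete}_{a,ref}(\mathcal{R})$ and contradicts $q' \mathcal{U} q$.

□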

4 Base Algorithm 



Function Split(Remove, P)

     1  SplitCouples := ∅; Touched := ∅; BlocksInRemove := ∅;
     2  forall r ∈ Remove do
     3      Touched := Touched ∪ {r.block};
     4  forall C ∈ Touched do
     5      if C ⊆ Remove then
     6          BlocksInRemove := BlocksInRemove ∪ {C};
     7      else // C must be split
     8          D := C ∩ Remove; P := P ∪ {D};
     9          BlocksInRemove := BlocksInRemove ∪ {D};
    10          C := C \ Remove;
    11          // Only C is modified, not C.Rel or C.NotRel
    12          D.Rel := copy(C.Rel);
    13          D.NotRel := copy(C.NotRel);
    14          forall q ∈ D do q.block := D;
    15          SplitCouples := SplitCouples ∪ {(C, D)};
    16  forall (C, D) ∈ SplitCouples, E ∈ P do
    17      if C ∈ E.Rel then
    18          E.Rel := E.Rel ∪ {D};
    19  return (P, BlocksInRemove, SplitCouples)



Function Init(T, P_init, R_init) with T = (Q, Σ, →)

     1  P := copy(P_init); S := ∅;
     2  forall a ∈ Σ do a.Remove := ∅;
     3  forall B ∈ P do
     4      B.Rel := {C ∈ P | (B, C) ∈ R_init};
     5  forall q →a q' ∈ → do
     6      a.Remove := a.Remove ∪ {q};
     7  forall a ∈ Σ do
     8      (P, BlocksInRemove, _) := Split(a.Remove, P);
     9      forall C ∈ BlocksInRemove, D ∈ P do
    10          if D ∉ BlocksInRemove then
    11              C.Rel := C.Rel \ {D};
    12  forall C ∈ P do
    13      C.NotRel := ∪{D ∈ P | D ∉ C.Rel};
    14      if C.NotRel ≠ ∅ then S := S ∪ {C};
    15  return (P, S)
Function Sim(T, P_init, R_init) with T = (Q, Σ, →)

     1  (P, S) := Init(T, P_init, R_init);
     2  forall a ∈ Σ do {a.PreB := ∅; a.Remove := ∅};
     3  alph := ∅;
     4  while ∃B ∈ S do
     5      S := S \ {B};
     6      // Assert: alph = ∅ ∧ (∀a ∈ Σ . a.PreB = ∅ ∧ a.Remove = ∅)
     7      forall r →a (B.NotRel) ∧ r ∉ pre_a(∪B.Rel) do
     8          alph := alph ∪ {a};
     9          a.Remove := a.Remove ∪ {r};
    10      B.NotRel := ∅;
    11      forall q →a B ∧ a ∈ alph do
    12          a.PreB := a.PreB ∪ {q};
    13      forall a ∈ alph do
    14          (P, BlocksInRemove, SplitCouples) := Split(a.Remove, P);
    15          forall (C, D) ∈ SplitCouples do
    16              C.Rel := C.Rel \ {D}; C.NotRel := C.NotRel ∪ D;
    17              S := S ∪ {C};
    18          forall D ∈ BlocksInRemove, C ∈ {q.block ∈ P | q ∈ a.PreB} do
    19              if D ∈ C.Rel then
    20                  C.Rel := C.Rel \ {D}; C.NotRel := C.NotRel ∪ D;
    21                  S := S ∪ {C};
    22      forall a ∈ alph do {a.PreB := ∅; a.Remove := ∅};
    23      alph := ∅;
    24  P_sim := P; R_sim := {(B, C) ∈ P × P | C ∈ B.Rel};
    25  return (P_sim, R_sim)
Given a LTS $T = (Q, \Sigma, \rightarrow)$ and an initial antisymmetric partition-relation pair $(P_{init}, R_{init})$, inducing a preorder $\mathcal{R}_{init}$, the algorithm manipulates relevant refiners to iteratively refine $(P, R)$ initially set to $(P_{init}, R_{init})$. At the end, $(P, R)$ represents $(P_{sim}, R_{sim})$, the partition-relation pair whose induced relation $\mathcal{R}_{sim}$ is the coarsest simulation included in $\mathcal{R}_{init}$.

The partition $P$ is a set of blocks. To represent $R$, we simply associate to each block $B \in P$ a set $B.\mathrm{Rel} \subseteq P$ such that $R = \cup_{B \in P} \{B\} \times B.\mathrm{Rel}$. A block is assimilated with its set of states. For a given state $q \in Q$, the block of $P$ which contains $q$ is noted $q.\mathrm{block}$. We also associate to a block $B$ a set $B.\mathrm{NotRel}$ included in the complement of $\cup B.\mathrm{Rel}$. The refiners will be of the form: $(B, B \times (\cup B.\mathrm{Rel}), B \times (B.\mathrm{NotRel}))$.

The algorithm is decomposed in three functions: Split, Init and Sim, the main one. The function Split(Remove, P), used by the two others, splits, possibly, the blocks touched by Remove and returns the updated partition, the list of blocks included in Remove and the list of block couples issued from a split. This last list permits the $\mathrm{SplitRefine}_{a,ref}$ of Definition 7 during the forall loop at line 15 of Sim. Note that, even if Split possibly modifies the current partition-relation pair, thanks to lines 12 and 16-18 it does not modify the induced relation. This is done out of Split, in Sim.

The main role of function Init is to transform the initial partition-relation pair to a partition-relation pair whose induced relation satisfies condition (2). It also initializes the set $S$ to those $B$'s whose $B.\mathrm{NotRel}$ is not empty.

After the initialization, the Sim function mainly executes the following loop. As long as there is a block $B$ whose $B.\mathrm{NotRel}$ is not empty, all non empty $a.\mathrm{Remove}$ sets are computed by only one (this is important for the time efficiency) scan of the transitions leading into $B.\mathrm{NotRel}$. Each of them corresponds to a $\mathrm{Remove}_{a,ref}$ of Definition 7. The relevant $\mathrm{pre}_a(B)$, encoded by $a.\mathrm{PreB}$, are also computed by only one (idem) scan of the transitions leading into $\mathrm{pre}_a(B)$. Then, for each letter with a non empty $a.\mathrm{Remove}$, a refinement step is executed with the refiner $(B, B \times (\cup B.\mathrm{Rel}), B \times (B.\mathrm{NotRel}))$. Note that, during a refinement step, each time a relation $(C, D)$ is removed from $R$, the content of $D$ is added to $C.\mathrm{NotRel}$. This is done in order to preserve the second invariant of Lemma 12. The remainder of the section validates the algorithm.

Lemma 11. Let $T = (Q, \Sigma, \rightarrow)$ be a LTS and $(P_{init}, R_{init})$ be a partition-relation pair over $Q$ inducing a preorder $\mathcal{R}_{init}$. Let $(P, \_) = \mathrm{Init}(T, P_{init}, R_{init})$ and $\mathcal{R} = \cup_{G \in P} G \times (\cup G.\mathrm{Rel})$. Then, $\mathcal{R} = \mathrm{InitRefine}(\mathcal{R}_{init})$. Furthermore, for all $G \in P$, we have: $G.\mathrm{NotRel} = Q \setminus \cup G.\mathrm{Rel}$.

Proof. Unless otherwise specified, all line numbers refer to function Init. The purpose of the forall loop at line 3 is to associate to each block $B \in P$ the initial set of blocks which simulate it: $B.\mathrm{Rel} = R_{init}(B)$. In the forall loop at line 5 we identify $\mathrm{pre}_a(Q)$, encoded by $a.\mathrm{Remove}$, for each letter $a \in \Sigma$. Then, in the forall loop at line 7, for each relevant letter $a \in \Sigma$:

• We split each block $B \in P$ in two parts, $B \cap \mathrm{pre}_a(Q)$ and $B \setminus \mathrm{pre}_a(Q)$, and we update $R$ such that the induced relation of $(P, R)$ stays the same (lines 11-12 and 16-18 of function Split).

• Now, each block of $P$ is either included in $\mathrm{pre}_a(Q)$ or disjoint from it. We then delete from $R$ all couples $(C, D)$ such that $C$ is included in $\mathrm{pre}_a(Q)$ and $D$ is disjoint from $\mathrm{pre}_a(Q)$.

At the end $\mathcal{R}$, the induced relation of $(P, R)$, is $\mathcal{R}_{init}$ where all couples $(q, q')$ such that $q \in \mathrm{pre}_a(Q)$ and $q' \notin \mathrm{pre}_a(Q)$ have been deleted. Otherwise said $\mathcal{R} = \mathrm{InitRefine}(\mathcal{R}_{init})$. Then, the forall loop at line 12 implies $C.\mathrm{NotRel} = Q \setminus \cup C.\mathrm{Rel}$ for all node $C \in P$. □

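Lemma 12. Let $T = (Q, \Sigma, \rightarrow)$ be a LTS, $(P_{init}, R_{init})$ be an initial partition-relation pair 
over $Q$ inducing a preorder $\mathscr{R}_{init}$ and $\mathscr{S}$ be a simulation over $T$ such that $\mathscr{S} \subseteq \mathscr{R}_{init}$. 
Let $\mathscr{R} = \cup_{G \in P}\, G \times (\cup G.\mathrm{Rel})$. Then, the following properties are invariants of the while 
loop of function Sim: 

1. $\mathscr{R}$ is a reflexive, block-definable and $\mathscr{S}$-stable relation, 

2. $\forall G \in P\ \forall c \in \Sigma\ .\ [\mathrm{pre}_c(\cup G.\mathrm{Rel} \cup G.\mathrm{NotRel})]_{\mathscr{R}} \cup \mathscr{R}(\mathrm{pre}_c(G)) \subseteq \mathrm{pre}_c(\cup G.\mathrm{Rel} \cup G.\mathrm{NotRel})$ 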

Proof. The proof is done by an induction on the iterations of the loop. The two properties 
are true just after the initialization. For the first one, from Lemmas HI and 11 we deduce 
that $\mathscr{S} \subseteq \mathscr{R}$, $\mathscr{R}$ is a preorder and thus reflexive and block-definable. With the fact that 
a preorder is, by definition, transitive we deduce that $\mathscr{S} \subseteq \mathscr{R}$ implies the $\mathscr{S}$-stability of 
$\mathscr{R}$. For the second one, this is a direct consequence of item 3 of Lemma H] and the fact 
that just after the initialization: $\cup G.\mathrm{Rel} \cup G.\mathrm{NotRel} = Q$, see Lemma 11, for all block 
$G \in P$. 

Let us consider an iteration of the loop. For the ease of the demonstration, we prime 
a variable for its value before the iteration. A value during the iteration is not primed. 
The two properties are supposed true before the iteration, we show they are still true 
after. Therefore, we assume: 

$\forall G \in P'\ \forall c \in \Sigma\ .\ [\mathrm{pre}_c(\cup G.\mathrm{Rel}' \cup G.\mathrm{NotRel}')]_{\mathscr{R}'} \cup \mathscr{R}'(\mathrm{pre}_c(G)) \subseteq \mathrm{pre}_c(\cup G.\mathrm{Rel}' \cup G.\mathrm{NotRel}')$    (5) 

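In this proof, all line numbers, if not stated otherwise, refer to function Sim, and 
$B$ is the block considered at line H. Let $\mathit{ref} = (B, \mathscr{R}_1, \mathscr{R}_2)$ with $\mathscr{R}_1 = B \times (\cup B.\mathrm{Rel}')$, 
$\mathscr{R}_2 = B \times (B.\mathrm{NotRel}')$. Then, $\mathit{ref}$ is a refiner of $\mathscr{R}'$. This is due to the following facts: 

• the reflexivity of $\mathscr{R}'$ implies that $B$ is a block of $\mathscr{R}_1$, 

• $\mathscr{R}'(B) = \mathscr{R}_1(B) \subseteq \mathscr{R}_1(B)$, 

• the partitionability of $\mathscr{R}'$ implies the partitionability of $\mathscr{R}_1$, 

• from (5) we have: 

$\forall c \in \Sigma\ .\ [\mathrm{pre}_c(\mathscr{R}_1(B) \cup \mathscr{R}_2(B))]_{\mathscr{R}'} \cup \mathscr{R}'(\mathrm{pre}_c(B)) \subseteq \mathrm{pre}_c(\mathscr{R}_1(B) \cup \mathscr{R}_2(B))$ 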



Clearly, after the first iteration of the forall loop at line 12, from Theorem [HI we have 
$\mathscr{R} = \mathrm{Refine}_{a,\mathit{ref}}(\mathscr{R}')$ and $\mathscr{R}$ is reflexive, block-definable, $\mathscr{S}$-stable and $\mathscr{R} \subseteq \mathscr{R}'$. Therefore, 
$\mathit{ref}$ is still a refiner of $\mathscr{R}$. The same happens for the successive iterations of the forall 
loop at line 13. The first property of the current lemma is thus true. 

To prove the second property of the lemma, we need two intermediate results. 

$\forall F \in P' \setminus \{B\}\ \forall G \in P\ .\ G \subseteq F \Rightarrow \cup F.\mathrm{Rel}' \cup F.\mathrm{NotRel}' = \cup G.\mathrm{Rel} \cup G.\mathrm{NotRel}$    (6) 

By an induction on the number of splits from $F$ to $G$. If there has been no split then 
$G = F$ and only line 20 can modify G.Rel or G.NotRel, but such that the expression 
$\cup G.\mathrm{Rel} \cup G.\mathrm{NotRel}$ stays constant. Suppose the property is true before a split. If that 
split does not involve $G$ then, thanks to lines [TBHTS1 in Split, $\cup G.\mathrm{Rel}$ and G.NotRel are 
not modified. If it is a split of $G$ in $G_1$ and $G_2$, then the split is done such that (function 
Split, lines fTTHT3l) $\cup G_i.\mathrm{Rel} = \cup G.\mathrm{Rel}$, $G_i.\mathrm{NotRel} = G.\mathrm{NotRel}$ and (function Split, lines 
ri&HT8|) $\mathscr{R}$ is not changed. With the induction hypothesis we get: $\cup F.\mathrm{Rel}' \cup F.\mathrm{NotRel}' = 
\cup G_i.\mathrm{Rel} \cup G_i.\mathrm{NotRel}$. After the split, only lines [TBI and 1201 can modify $G_i.\mathrm{Rel}$ or $G_i.\mathrm{NotRel}$, 
but such that the expression $\cup G_i.\mathrm{Rel} \cup G_i.\mathrm{NotRel}$ stays constant. 

$\forall G \in P\ .\ G \subseteq B \Rightarrow \cup B.\mathrm{Rel}' = \cup G.\mathrm{Rel} \cup G.\mathrm{NotRel}$    (7) 

The proof is similar to the previous one except that F.NotRel' has been emptied at line fTUl. 
Let $G \in P$ after a given iteration of the forall loop at line 13. There are two cases: 

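• There is $F \in P' \setminus \{B\}$ such that $G \subseteq F$. From (5) and (6) we get: $\forall c \in 
\Sigma\ .\ [\mathrm{pre}_c(\cup G.\mathrm{Rel} \cup G.\mathrm{NotRel})]_{\mathscr{R}'} \cup \mathscr{R}'(\mathrm{pre}_c(G)) \subseteq \mathrm{pre}_c(\cup G.\mathrm{Rel} \cup G.\mathrm{NotRel})$. From the 
fact that $\mathscr{R} \subseteq \mathscr{R}'$ we obtain: $\forall c \in \Sigma\ .\ [\mathrm{pre}_c(\cup G.\mathrm{Rel} \cup G.\mathrm{NotRel})]_{\mathscr{R}} \cup \mathscr{R}(\mathrm{pre}_c(G)) \subseteq 
\mathrm{pre}_c(\cup G.\mathrm{Rel} \cup G.\mathrm{NotRel})$. 

• $G \subseteq B$. We have two sub cases: 

- $c \in \mathit{alph}$. Let $\mathscr{R}_c$ be the value of $\mathscr{R}$ after the iteration of the forall loop 
at line 13 with $a = c$. From what precedes, remember that $\mathit{ref}$ is still a 
refiner of $\mathscr{R}$, and $\mathscr{R}$ and $\mathscr{R}_1$ are still $\mathscr{S}$-stable. Then, from Theorem we 
get $[\mathrm{pre}_c(\mathscr{R}_1(B))]_{\mathscr{R}_c} \cup \mathscr{R}_c(\mathrm{pre}_c(B)) \subseteq \mathrm{pre}_c(\mathscr{R}_1(B))$. At the end of the iteration 
of the while loop, we obviously have $\mathscr{R} \subseteq \mathscr{R}_c$. With (7) and $G \subseteq B$ we obtain: 
$[\mathrm{pre}_c(\cup G.\mathrm{Rel} \cup G.\mathrm{NotRel})]_{\mathscr{R}} \cup \mathscr{R}(\mathrm{pre}_c(G)) \subseteq \mathrm{pre}_c(\cup G.\mathrm{Rel} \cup G.\mathrm{NotRel})$. 

- $c \notin \mathit{alph}$. In that case c.Remove $= \emptyset$, thus $\mathrm{pre}_c(B.\mathrm{NotRel}') \subseteq \mathrm{pre}_c(\cup B.\mathrm{Rel}')$. 
With (5) we get: $[\mathrm{pre}_c(\cup B.\mathrm{Rel}')]_{\mathscr{R}'} \cup \mathscr{R}'(\mathrm{pre}_c(B)) \subseteq \mathrm{pre}_c(\cup B.\mathrm{Rel}')$. With (7), 
$\mathscr{R} \subseteq \mathscr{R}'$ and $G \subseteq B$ we obtain: $[\mathrm{pre}_c(\cup G.\mathrm{Rel} \cup G.\mathrm{NotRel})]_{\mathscr{R}} \cup \mathscr{R}(\mathrm{pre}_c(G)) \subseteq 
\mathrm{pre}_c(\cup G.\mathrm{Rel} \cup G.\mathrm{NotRel})$. 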

□ 

Theorem 13. Let $T = (Q, \Sigma, \rightarrow)$ be a LTS and $(P_{init}, R_{init})$ be an initial partition- 
relation pair over $Q$ inducing a preorder $\mathscr{R}_{init}$. Function Sim computes the partition- 
relation pair $(P_{sim}, R_{sim})$ inducing $\mathscr{R}_{sim}$ the maximal simulation over $T$ contained in 
$\mathscr{R}_{init}$. Furthermore, $\mathscr{R}_{sim}$ is a preorder. 

Proof. From line IT41 of function Init, lines IT71 and 1211 of function Sim, a block $G \in P$ 
is added in $S$ whenever G.NotRel is not empty. Furthermore, each time a block $G$ is 
withdrawn from $S$ (line El), G.NotRel is emptied (line fTUl). Therefore, a block $G$ is in $S$ iff 
G.NotRel is not empty. 

1. Function Sim terminates. Let = $\cup_{G \in P}\, G \times (\cup G.\mathrm{Rel} \cup G.\mathrm{NotRel})$. At each 
iteration of the while loop strictly decrease (a not empty B.NotRel is emptied). 
Since is a finite set the algorithm terminates necessarily. 

2. $\mathscr{R}_{sim}$ is a simulation. The algorithm terminates when $S$ is empty. From what 
precedes, at this moment, for all $G \in P$, $G.\mathrm{NotRel} = \emptyset$. With Lemma 12 we get: 
$\forall G \in P\ \forall a \in \Sigma\ .\ \mathscr{R}_{sim}(\mathrm{pre}_a(G)) \subseteq \mathrm{pre}_a(\mathscr{R}_{sim}(G))$. With Proposition 5 this means 
that $\mathscr{R}_{sim}$ is a simulation since $\mathscr{R}_{sim}$ is reflexive and block-definable (Lemma 12). 

3. $\mathscr{R}_{sim}$ contains all simulation included in $\mathscr{R}_{init}$. From Lemma 12 we deduce 
that for all simulation $\mathscr{S}$ over $T$ included in $\mathscr{R}_{init}$, $\mathscr{R}_{sim}$ is reflexive and $\mathscr{S}$-stable. 
These two properties imply $\mathscr{S} \subseteq \mathscr{R}_{sim}$. 

4. $\mathscr{R}_{sim}$ is a preorder. We have seen that $\mathscr{R}_{sim}$ is $\mathscr{S}$-stable for any simulation $\mathscr{S}$ 
included in $\mathscr{R}_{init}$. Since $\mathscr{R}_{sim}$ is such a simulation, $\mathscr{R}_{sim}$ is also $\mathscr{R}_{sim}$-stable and 
thus transitive. This relation being reflexive and transitive is a preorder. 

□ 

5 Complexity 

From now on, all space complexities are given in bits. Let $X$ be a set of elements, we 
qualify an encoding of $X$ as indexed if the elements of $X$ are encoded in an array of $|X|$ 
slots, one for each element. Therefore, an element of $X$ can be identified with its index 
in this array. Let $T = (Q, \Sigma, \rightarrow)$ be a LTS, an encoding of $T$ is said normalized if the 
encodings of $Q$, $\Sigma$ and $\rightarrow$ are indexed, a transition is encoded by the index of its source 
state, the index of its label and the index of its destination state, and if $|Q|$ and $|\Sigma|$ are in 
$O(|{\rightarrow}|)$. If $|\Sigma|$ is not in $O(|{\rightarrow}|)$, we can restrict it to its useful part $\Sigma' = \{a \in \Sigma \mid \exists q, q' \in 
Q\ .\ q \xrightarrow{a} q' \in {\rightarrow}\}$ whose size is less than $|{\rightarrow}|$. To do this, we can use hash table techniques, 
sort the set $\rightarrow$ with the keys being the letters labelling the transitions, or more efficiently 
use a similar technique of that we used in the algorithm to distribute a set of transitions 
relatively to its labels (see, as an example, the forall loop at line 7 of Sim). This is done 
in $O(|\Sigma| + |{\rightarrow}|)$ time and uses $O(|\Sigma|.\log|\Sigma|)$ space. We have recently seen that this may 
be done in $O(|{\rightarrow}|)$ time, still with $O(|\Sigma|.\log|\Sigma|)$ space, by using a technique presented 
in [Til]. If $|Q|$ is not in $O(|{\rightarrow}|)$ this means there are states that are not involved in any 
transition. In general, these states are ignored. Indeed, any state can simulate them and 
they can not simulate any state with an outgoing transition. Therefore, we can restrict 
$Q$ to its useful part $\{q \in Q \mid \exists q' \in Q\ \exists a \in \Sigma\ .\ q \xrightarrow{a} q' \in {\rightarrow} \lor q' \xrightarrow{a} q \in {\rightarrow}\}$ whose size is in 
$O(|{\rightarrow}|)$. This is done like for $\Sigma$. 

All encodings of LTS in this paper are assumed to be normalized. 

We also assume the encoding of the initial partition-relation pair $(P_{init}, R_{init})$ to be such 
that: the encoding of $P_{init}$ is indexed, for each block $B \in P$ scanning of the states in 
$B$ can be done in $O(|B|)$ time and scanning of $R_{init}(B)$ can be done in $O(|P_{init}|)$ time. 
Furthermore, for each state $q \in Q$, we assume set q.block the block of $P_{init}$ to which $q$ 
belongs. 

One difficulty concerning the data structures was to design an efficient encoding of 
the NotRel's avoiding the need to update them each time a block is split. This led us 
to design an original encoding of $P$ (encoding which finally happens to be similar to the 
one designed in [ID]). The first two versions of the algorithm essentially differ by the 
implementation of the test $r \notin \mathrm{pre}_a(\cup B.\mathrm{Rel})$ at line [3, the overall time complexity of the 
other parts of the algorithm being in $O(|P_{sim}|.|{\rightarrow}|)$. 

5.1 Hypothesis 

In this sub-section, we state the relevant complexity properties of the data structures we 
use. We postpone to Section 6 the explanations on how we meet these properties. 
During an initialization phase, we set the following: 

• For each transition $t = q \xrightarrow{a} q'$, we set $t.\mathrm{sl} = q_a \in \mathrm{sl}(\rightarrow)$ the state-letter associated 
with $t$. 

• For each state-letter $q_a \in \mathrm{sl}(\rightarrow)$, we set $q_a.\mathrm{state} = q$ and $q_a.\mathrm{post} = \{q \xrightarrow{a} q' \in {\rightarrow} 
\mid q' \in Q\}$ such that scanning the transitions in $q_a.\mathrm{post}$ is done in linear time. 

• For each state $q' \in Q$, we set $q'.\mathrm{pre} = \{q \xrightarrow{a} q' \in {\rightarrow} \mid q \in Q, a \in \Sigma\}$ such that 
scanning the transitions of this set is done in linear time. 

This initialization phase is done in $O(|{\rightarrow}|)$ time and uses $O(|{\rightarrow}|.\log|{\rightarrow}|)$ space. 

The partition $P$ is encoded such that adding a new block is done in constant amortized 
time and scanning the states of a block is done in linear time. The encoding of $P$ uses 
$O(|P_{sim}|.\log|{\rightarrow}|)$ space. Note that the content of all the blocks uses . log $|Q|$) space. 

The union B.NotRel of blocks that do not simulate a given $B \in P$ is encoded such 
that resetting to $\emptyset$ is done in constant time and adding the content of a block is done in 
constant amortized time (relatively to the number of added blocks) while scanning the 
states present in the union is done in linear time of the number of states. The encoding 
of all NotRel's uses $O(|P_{sim}|^2.\log|P_{sim}|)$ space. 

The set of blocks, B.Rel, that simulate a given $B \in P$ is encoded such that membership 
test and removing of a block are done in constant time while adding of a block is done in 
constant amortized time (relatively to the size of $P_{sim}$). The encoding of all Rel's is done 
in $O(|P_{sim}|^2)$ space. 

The set $S$ of blocks to be treated by the main loop of the algorithm is encoded such 
that the emptiness test and the extraction of one element (arbitrarily chosen by the data 
structure) are done in constant time, and adding an element in $S$ is done in constant 
amortized time. The encoding of $S$ uses $O(|P_{sim}|.\log|{\rightarrow}|)$ space. 

The sets alph, SplitCouples, Touched and BlocksInRemove are encoded such that 
adding of an element is done in constant time and, scanning of their elements and resetting 
to $\emptyset$ are done in linear time (relatively to the number of elements). The encoding of these 
sets uses $O(|{\rightarrow}|.\log|{\rightarrow}|)$ space. 

For all $a \in \Sigma$, a.PreB and a.Remove are encoded such that adding of an element is 
done in constant time, scanning of their elements and resetting to $\emptyset$ is done in linear time 
(relatively to the number of elements). The encoding of all a.PreB and a.Remove takes 
$O(|{\rightarrow}|.\log|{\rightarrow}|)$ space. 

Finally, Split(Remove, P) is done in $O(|\mathrm{Remove}|)$ time. 

5.2 Common analysis 

[Figure 2: A configuration during an iteration of the while loop] 

Figure 2 illustrates the main lemma of this section. 

Lemma 14. Let $B$ be a block defined at line\Q of Sim. During the execution of Sim, the 
following configurations can happen at most once at line\^ (line\]J^ for the last one): 

1. $B$ and a block $E$ such that $E \subseteq B.\mathrm{NotRel}$, 

2. $B$ and a transition $r \xrightarrow{a} r'$ such that $r' \in B.\mathrm{NotRel}$, 

3. $B$, a block $E \subseteq B.\mathrm{NotRel}$ and a transition $q \xrightarrow{a} q'$ such that $q' \in B$, 

4. $B$, a block $D$ and a transition $q \xrightarrow{a} q'$ such that $D \subseteq a.\mathrm{Remove}$ (or $D \in \mathrm{BlocksInRemove}$) 
and $q' \in B$. 

Proof. 

1. After the initialization, the content of a block can be added into B.NotRel only if 
this block is removed from $\cup B.\mathrm{Rel}$, lines [TBI and [2171. Furthermore, $\cup B.\mathrm{Rel}$ can only 
decrease and if $E$ is included in B.NotRel at linelU, B.NotRel is emptied at line [TU1. 
From what precedes, it will not be possible again for $E$ to be included in B.NotRel 
during another iteration of the while loop. 

2,3. Direct consequences of the preceding point. 

4. Let us suppose this can happen twice. Let B.Rel' be the value of B.Rel the first 
time it happens and B.Rel'', B.NotRel'' be the values of B.Rel and B.NotRel the 
second time it happens. With a same reasoning than that of the first point, we 
get: $B.\mathrm{NotRel}'' \subseteq \cup B.\mathrm{Rel}'$. Let $r$ be any element of $D$. The first time the 
configuration happens, we necessarily have, lines El El and ED, $r \notin \mathrm{pre}_a(\cup B.\mathrm{Rel}')$. The 
second time the configuration happens we necessarily have: $r \in \mathrm{pre}_a(B.\mathrm{NotRel}'') \subseteq 
\mathrm{pre}_a(\cup B.\mathrm{Rel}')$ which contradicts $r \notin \mathrm{pre}_a(\cup B.\mathrm{Rel}')$. 

□ 

5.2.1 Time 



In this sub-section, the O notation refers to time complexity and the overall complexity 
of a line is the time complexity of all the executions of that line during the lifetime of the 
algorithm. 

Initialisation In this paragraph, we consider the complexity of the initialization. All 
line numbers refer to function Init. 

Line [JJ essentially corresponds to a copy of $P_{init}$, this is done in $O(|P_{init}|)$ and thus 
$O(|P_{sim}|)$. Line 2 is done in and thus in $O(|{\rightarrow}|)$. The forall loop at line 3 is done 
in $O(|P_{init}|^2)$ and thus in $O(|P_{sim}|^2)$. The forall loop at line is done in $O(|{\rightarrow}|)$. Since 
we have $\sum_{a \in \Sigma} |a.\mathrm{Remove}| \leq |\mathrm{sl}(\rightarrow)| \leq |{\rightarrow}|$, the overall complexity of line 8 is $O(|{\rightarrow}|)$. 
At first glance the overall complexity of lines I9HTT1 is in $O(|\Sigma|.|P_{sim}|^2)$ but it is also in 
$O(|\mathrm{sl}(\rightarrow)|.|P_{sim}|)$, since there is at most $|\mathrm{sl}(\rightarrow)|$ blocks $C$ concerned by BlocksInRemove 
and each time it is for a given $a \in \Sigma$, and thus in $O(|{\rightarrow}|.|P_{sim}|)$. The forall loop at line [T2l 
is done in $O(|P_{sim}|^2)$. From all of that, the complexity of Init is $O(|{\rightarrow}|.|P_{sim}|)$. 

Simulation algorithm Thanks to Lemma 14, item 1, the while loop of function Sim is 
executed at most $|P_{sim}|^2$ times since a block $B$ is concerned by the loop only if $B.\mathrm{NotRel} \neq \emptyset$ 
and B.NotRel is made of a union of blocks. 

The first two versions of the algorithm differ by the test $r \notin \mathrm{pre}_a(\cup B.\mathrm{Rel})$ at line 7. 
Therefore, in this paragraph, we do not consider the overall complexity of this test. We 
only consider right now the overall complexity of the scanning of all transitions $r \xrightarrow{a} r'$ 
such that $r' \in \mathrm{pre}_a(B.\mathrm{NotRel})$ and the overall complexity of lines [HH9J. From Lemma [TH 
itemlit is $O(|P_{sim}|.|{\rightarrow}|)$. 

From Lemma 14, item 3, the overall complexity of the forall loop at line [TT] is 
$O(|P_{sim}|.|{\rightarrow}|)$. 

The two preceding paragraphs imply that the overall complexity of lines 22 and 23 
is $O(|P_{sim}|.|{\rightarrow}|)$ since resetting a.PreB or a.Remove is linear in their sizes and thus less 
than what has been added in them, which is less than $O(|P_{sim}|.|{\rightarrow}|)$ (overall complexity 
of lines [13 and ED). 

The overall complexity of line 12 is less than that of line M and thus $O(|P_{sim}|.|{\rightarrow}|)$. 

The complexity of Split(a.Remove, P) is $O(|a.\mathrm{Remove}|)$. From the time complexity 
of line M we get the overall complexity of line [HI: $O(|P_{sim}|.|{\rightarrow}|)$. 

There is at most $|P_{sim}|$ couples $(C, D)$ issued from the splits of blocks. So, the overall 
complexity of the forall loop at line 15 is $O(|P_{sim}|)$. 

From the overall complexity of lines M and [T21 the overall complexity of the calculation 
of all $D$ and of all $C$ concerned by line [TS] is $O(|P_{sim}|.|{\rightarrow}|)$. From Lemma item HI there 
is at most $O(|P_{sim}|.|{\rightarrow}|)$ couples $(C, D)$ which have been involved at line [TBI. This implies 
the overall time complexity of the forall loop of line 18: $O(|P_{sim}|.|{\rightarrow}|)$. 

With what precedes, the test $r \notin \mathrm{pre}_a(\cup B.\mathrm{Rel})$ at line 7 being aside, the overall time 
complexities of the other lines of the algorithm are all in $O(|P_{sim}|.|{\rightarrow}|)$. 

5.2.2 Space 

Apart from the data structures needed to do the test $r \notin \mathrm{pre}_a(\cup B.\mathrm{Rel})$ at line 7, from 
Section 5.1 the space complexity of the algorithm is $O(|P_{sim}|^2.\log|P_{sim}| + |{\rightarrow}|.\log|{\rightarrow}|)$. 






5.3 The nice compromise 

We use a set of state-letters, $SL \subseteq \mathrm{sl}(\rightarrow)$, with the same time and space complexity 
properties as those of alph. Before line 7, this set is emptied. Then, let us consider a 
given $r' \in B.\mathrm{NotRel}$. From $r'$ we get, in linear time, all $t = r \xrightarrow{a} r' \in r'.\mathrm{pre}$. If $r_a = t.\mathrm{sl}$ is 
already in $SL$ it has already been treated, so we stop there and consider the next element 
of $r'.\mathrm{pre}$. Otherwise, we have not yet tested whether $r \notin \mathrm{pre}_a(\cup B.\mathrm{Rel})$. To do that, first, 
we add $r_a$ into $SL$ and then, consider all $r \xrightarrow{a} r'' \in r_a.\mathrm{post}$. If for none of them $r''.\mathrm{block}$ 
is in B.Rel, which is tested each time in constant time, then $r \notin \mathrm{pre}_a(\cup B.\mathrm{Rel})$. Thanks 
to the use of $SL$, from Lemma [__], item [TJ a transition $r \xrightarrow{a} r'' \in r_a.\mathrm{post}$ is considered 
only once for a given couple $(B, E)$ of blocks in Figure __. Therefore, the overall time 
complexity of the test $r \notin \mathrm{pre}_a(\cup B.\mathrm{Rel})$ in line 7 is $O(|P_{sim}|^2.|{\rightarrow}|)$. 

We can also express the time complexity in another way. For that, we need to 
introduce the state-letter branching factor of a LTS. The branching factor of a state is 
the number of its outgoing transitions. The branching factor of a state-letter $q_a$ is the 
number of the outgoing transitions of $q$ labelled by $a$. The state branching factor of a 
LTS is the greatest branching factor of its states. The state-letter branching factor of a 
LTS is the greatest branching factor of its state-letters. Let us come back to the analysis 
of the complexity of the test $r \xrightarrow{a} (B.\mathrm{NotRel}) \land r \notin \mathrm{pre}_a(\cup B.\mathrm{Rel})$. From Lemma []__ item 2, 
a configuration such that $r \xrightarrow{a} r'$ is a transition with $r' \in B.\mathrm{NotRel}$ happens only once. 
From this configuration, and with the use of the set $SL$ described above, we have to 
consider at most $b$ transitions $r \xrightarrow{a} r'' \in r_a.\mathrm{post}$ to test whether $r \notin \mathrm{pre}_a(\cup B.\mathrm{Rel})$. 

From what precedes we obtain the following theorem. 

Theorem 15. Let $T = (Q, \Sigma, \rightarrow)$ be a LTS and $(P_{init}, R_{init})$ be an initial partition- 
relation pair over $Q$ inducing a preorder $\mathscr{R}_{init}$. The nice compromise version of Sim 
computes the partition-relation pair $(P_{sim}, R_{sim})$ inducing $\mathscr{R}_{sim}$ the maximal simulation 
over $T$ contained in $\mathscr{R}_{init}$ in: 

• $O(\min(|P_{sim}|, b).|P_{sim}|.|{\rightarrow}|)$ time, and 

• $O(|P_{sim}|^2.\log|P_{sim}| + |{\rightarrow}|.\log|{\rightarrow}|)$ space. 

with $b = \max_{q_a \in \mathrm{sl}(\rightarrow)} |\{q \xrightarrow{a} q' \in {\rightarrow} \mid q' \in Q\}|$ the state-letter branching factor of $T$. 

Clearly, the state-letter branching factor of a LTS is smaller than its state branching 
factor. For the state-letter branching factor $b$ in the preceding theorem, we have: $b \leq |Q|$. 
We also have $|P_{sim}| \leq |Q|$. But there is no definitive comparison between $b$ and $|P_{sim}|$. 
However if one considers the VLTS Benchmark Suite (http://cadp.inria.fr/resources/benchmark_l 
the state branching factor is rarely more than one hundred even for systems with millions 
of states. Furthermore, in the case of deterministic systems, the state-letter branching 
factor is 1. Therefore, we consider this version of Sim as a nice compromise between 
space and time efficiency. 

5.4 The Time Efficient Version 

To get an efficient time version of the algorithm, we need counters. To each block $B \in P$ 
we associate B.RelCount, an array of counters indexed on the set of state-letters $\mathrm{sl}(\rightarrow)$ such 
that: $B.\mathrm{RelCount}(r_a) = |\{r \xrightarrow{a} r' \in {\rightarrow} \mid r' \in \cup B.\mathrm{Rel} \cup B.\mathrm{NotRel}\}|$. Let $r_a.\mathrm{post} = \{r \xrightarrow{a} 
r' \in {\rightarrow} \mid r' \in Q\}$. The initialization consists just of setting $B.\mathrm{RelCount}(r_a) = |r_a.\mathrm{post}|$ 
since at the end of the initialization, for any $B \in P$, $Q = \cup B.\mathrm{Rel} \cup B.\mathrm{NotRel}$. Therefore, 
the time complexity of the initialization of all the counters is $O(|P_{sim}|.|\mathrm{sl}(\rightarrow)|)$ and thus 
$O(|P_{sim}|.|{\rightarrow}|)$. 

Let us come back to the overall time complexity of line UJ. For each transition $r \xrightarrow{a} r'$ 
with $r' \in B.\mathrm{NotRel}$, $B.\mathrm{RelCount}(r_a)$ is decremented, and if after that $B.\mathrm{RelCount}(r_a) = 0$ 
this implies that $r \notin \mathrm{pre}_a(\cup B.\mathrm{Rel})$. This means that the test $r \notin \mathrm{pre}_a(\cup B.\mathrm{Rel})$ is done 
in constant time for each transition $r \xrightarrow{a} r'$ with $r' \in B.\mathrm{NotRel}$. Note that when a 
block is split during the function Split its array of counters must be copied to the new 
block. This is done in $O(|\mathrm{sl}(\rightarrow)|)$. Since during the computation there is at most $|P_{sim}|$ 
splits, the overall time complexity of all the copy operations is $O(|P_{sim}|.|\mathrm{sl}(\rightarrow)|)$ and thus 
$O(|P_{sim}|.|{\rightarrow}|)$. We then get the following theorem. 

Theorem 16. Let $T = (Q, \Sigma, \rightarrow)$ be a LTS and $(P_{init}, R_{init})$ be an initial partition- 
relation pair over $Q$ inducing a preorder $\mathscr{R}_{init}$. The time efficient version of Sim computes 
the partition-relation pair $(P_{sim}, R_{sim})$ inducing $\mathscr{R}_{sim}$ the maximal simulation over $T$ 
contained in $\mathscr{R}_{init}$ in: 

$O(|P_{sim}|.|{\rightarrow}|)$ time and $O(|P_{sim}|.|\mathrm{sl}(\rightarrow)|.\log|Q| + |{\rightarrow}|.\log|{\rightarrow}|)$ space. 
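
The counter test of this sub-section, as an added Python example (not code from the paper): for one block B, the a.Remove sets obtained by decrementing B.RelCount are compared with the sets obtained directly from the definition, over two successive rounds. The sample transitions, the dictionary keyed by (state, letter) in place of an array indexed on state-letters, and the function names are assumptions of the example.

```python
from collections import defaultdict

# Constructed LTS (not from the paper): transitions are (source, letter, destination).
TRANSITIONS = [(0, "a", 1), (0, "a", 2), (0, "b", 3), (1, "a", 3),
               (2, "a", 2), (2, "b", 0), (3, "b", 3)]


def index_transitions(transitions):
    """Return q'.pre as lists of (source, letter) and |r_a.post| per state-letter."""
    pre = defaultdict(list)
    post_size = defaultdict(int)
    for r, a, r2 in transitions:
        pre[r2].append((r, a))
        post_size[(r, a)] += 1
    return pre, dict(post_size)


def remove_by_counters(pre, rel_count, not_rel):
    """One scan of the transitions leading into B.NotRel.

    rel_count[(r, a)] counts the a-transitions of r into (union of B.Rel) ∪ B.NotRel.
    After the decrements it counts the a-transitions into the union of B.Rel only,
    so reaching 0 means r is not in pre_a(union of B.Rel).
    """
    remove = defaultdict(set)
    for r2 in not_rel:
        for r, a in pre[r2]:
            rel_count[(r, a)] -= 1
            if rel_count[(r, a)] == 0:
                remove[a].add(r)
    return dict(remove)


def remove_by_definition(transitions, rel_states, not_rel):
    """Reference version: r has an a-transition into NotRel and none into Rel."""
    pre_rel = {(r, a) for r, a, r2 in transitions if r2 in rel_states}
    remove = defaultdict(set)
    for r, a, r2 in transitions:
        if r2 in not_rel and (r, a) not in pre_rel:
            remove[a].add(r)
    return dict(remove)


def two_rounds():
    """Two iterations for the same block B; NotRel is emptied after each one."""
    pre, post_size = index_transitions(TRANSITIONS)
    rel_count = dict(post_size)          # initialization: RelCount(r_a) = |r_a.post|
    # (states of the union of B.Rel, states of B.NotRel) at the start of each round
    rounds = [({0, 1, 2}, {3}), ({0, 1}, {2})]
    return [(remove_by_counters(pre, rel_count, not_rel),
             remove_by_definition(TRANSITIONS, rel, not_rel))
            for rel, not_rel in rounds]
```

The counters are never reset between rounds: a state enters B.NotRel at most once (Lemma 14), which is what keeps each counter equal to the number of remaining transitions into ∪B.Rel.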

5.5 The Space Efficient Version 

The algorithm GPP has a time complexity of $O(|P_{sim}|^2.|{\rightarrow}|)$, for Kripke structures, but 
an announced space complexity of $O(|P_{sim}|^2 + |Q|.\log|P_{sim}|)$. Unfortunately, this space 
complexity does not correspond to that of GPP. As announced in the introduction of the 
present paper, GPP uses (a modified version of) HHK. For each state $q' \in Q$, HHK uses 
an array of counters, to speed up the algorithm, and a set of states, Remove($q'$), that do 
not lead via a transition to a state simulating $q'$. The counters and the Remove sets use 
$O(|Q|^2.\log|Q|)$ bits. As GPP uses HHK on an abstract structure whose states correspond 
to blocks of the current partition, the initial version of GPP uses $O(|P_{sim}|^2.\log|P_{sim}|)$ bits 
for the counters and the Remove sets. Then, the authors explain how to avoid the use of 
the counters, but do not do the same for the Remove sets. Therefore their algorithm still 
uses at least $O(|P_{sim}|^2.\log|P_{sim}|)$ bits. The $|Q|.\log|P_{sim}|$ part of their announced 
space complexity comes from the necessity to memorize for each state $q$ the block to 
which it belongs (q.block in the present paper). But GPP, like the algorithm in [4], scans 
in linear time the states belonging to a block. To do that the set of the states of a block 
is encoded by a doubly linked list which also enables to remove and to add a state in a 
block in constant time. This implies that the size of each pointer of these lists needs to 
be sufficient to distinguish the $|Q|$ states: $\log|Q|$. Since there are $|Q|$ states, GPP, like the 
algorithm in [1], needs at least $|Q|.\log|Q|$ bits. The real space complexity of GPP is thus 
$O(|P_{sim}|^2.\log|P_{sim}| + |Q|.\log|Q|)$. 

By removing the use of the NotRel's in our base algorithm we are able to propose 
the space efficient version. The time complexities of Init and Split do not change, but 
now the overall time complexity of almost all the lines in the while loop of Sim becomes 
$O(|P_{sim}|^2.|{\rightarrow}|)$. 

We now present how to avoid, in our nice compromise version of Sim, the use of the 
NotRel's in order to lower the space complexity from $O(|P_{sim}|^2.\log|P_{sim}| + |{\rightarrow}|.\log|{\rightarrow}|)$ 
to $O(|P_{sim}|^2 + |{\rightarrow}|.\log|{\rightarrow}|)$ while keeping a time complexity of $O(|P_{sim}|^2.|{\rightarrow}|)$. 

The transformation of the algorithm is quite simple: we mainly replace line of 
Init by "S := copy(P);", line 7 of Sim by "forall $r \xrightarrow{a} (\cup B.\mathrm{Rel}) \land r \notin \mathrm{pre}_a(\cup B.\mathrm{Rel})$ do", 
and we remove all other instructions where NotRel appears. Just to simplify the proof, 
we also replace line [T7| of Sim by "S := S $\cup$ {C, D};". 

In the remainder of this sub-section, lines refer only to the function Sim. 

Correctness Clearly, after the initialization, which puts us under condition for 
any block $B \in P$, $(B, B \times (\cup B.\mathrm{Rel}), B \times \cup B.\mathrm{Rel})$ is a refiner of the current relation. By 
noting $B.\mathrm{NotRel} = \cup B.\mathrm{Rel}$, second item of Lemma 12 becomes trivial. For the first item, 
we follow the same proof. The algorithm terminates since, after the first time, a block 
$B$ can be chosen again by line H] only if it is issued from a split (new line [I7|) or if a 
block has been removed from B.Rel (line l2T|). Each case can happen at most $|P_{sim}|$ times. 
Let $\mathscr{R}_{sim}$ be the relation induced by the result $(P_{sim}, R_{sim})$ of Sim. Like in the proof of 
Theorem 13, we use Lemma 12 to deduce that $\mathscr{R}_{sim}$ contains all simulation included in 
$\mathscr{R}_{init}$ the relation induced by the initial partition-relation pair. Now, for a given block 
$B$ of the last partition, consider the last time $B$ has been chosen by line HI. After the 
execution of the corresponding iteration of the loop, from Theorem 9 we deduce that 
$\mathscr{R}(\mathrm{pre}_a(B)) \subseteq \mathrm{pre}_a(\cup B.\mathrm{Rel}')$ with B.Rel' the value of B.Rel before the iteration. But 
since this is the last use of $B$, B.Rel has not been modified during this iteration of the 
while loop. Thus, B.Rel = B.Rel'. From this moment on, B.Rel will not be modified. So 
we have $\mathscr{R}_{sim}(\mathrm{pre}_a(B)) \subseteq \mathrm{pre}_a(\mathscr{R}_{sim}(B))$ for all block $B \in P_{sim}$ and all letter $a \in \Sigma$. This 
defines a simulation (Proposition 5). 

Complexity The forall loop at line 7 is encoded by the following lines: 

    forall $q \xrightarrow{a} q' \in {\rightarrow}$ do 
        if $q'.\mathrm{block} \in B.\mathrm{Rel}$ then a.PreRel := a.PreRel $\cup$ {q}; 
    forall $q \xrightarrow{a} q' \in {\rightarrow}$ do 
        if $q'.\mathrm{block} \notin B.\mathrm{Rel} \land q \notin a.\mathrm{PreRel}$ then 
            alph := alph $\cup$ {a}; 
            a.Remove := a.Remove $\cup$ {q}; 

In addition, we add "a.PreRel := $\emptyset$;" to the bodies of lines M and 22. The a.PreRel's 
are data structures with the same complexity properties as those of a.PreB and a.Remove. 
For a given iteration of the while loop the time complexity of these lines is $O(|{\rightarrow}|)$. Since 
the number of iterations of the while loop is in $O(|P_{sim}|^2)$, the overall time complexity 
of these lines is $O(|P_{sim}|^2.|{\rightarrow}|)$. This is thus also the overall time complexity of lines PT3| 
dU and 23 and the overall time complexity of calculation of all $C$ and $D$ concerned 
by line [TSJ. The overall time complexity of the forall loop at line [TH] does not change: 
$O(|P_{sim}|)$. Consider now Figure EJ. A transition $q \xrightarrow{a} q'$ with $q'$ in a block $B$ chosen at 
line H] is considered only $O(|P_{sim}|)$ times. Knowing that for each time there is at most 
$|P_{sim}|$ blocks $D$ in a.Remove we deduce the overall time complexity of the forall loop at 
linelH: $O(|P_{sim}|^2.|{\rightarrow}|)$. 

Note for the attentive reader: continuing the discussion just before Definition [TJ 
in practice, it should be more interesting to do the split with $\mathrm{pre}_a(\cup B.\mathrm{Rel})$ instead 
of a.Remove and to do the refinement step with BlocksInRemove $= \{D \in P \mid D \cap 
\mathrm{pre}_a(\cup B.\mathrm{Rel}) = \emptyset\}$. Because, $\mathrm{pre}_a(\cup B.\mathrm{Rel})$ is supposed to decrease at each iteration 
which is not the case for a.Remove when we no longer have B.NotRel. 

Theorem 17. Let $T = (Q, \Sigma, \rightarrow)$ be a LTS and $(P_{init}, R_{init})$ be an initial partition-relation 
pair over $Q$ inducing a preorder $\mathscr{R}_{init}$. The space efficient version of Sim computes the 
partition-relation pair $(P_{sim}, R_{sim})$ inducing $\mathscr{R}_{sim}$ the maximal forward simulation on $T$ 
contained in $\mathscr{R}_{init}$ in: 

$O(|P_{sim}|^2.|{\rightarrow}|)$ time and $O(|P_{sim}|^2 + |{\rightarrow}|.\log|{\rightarrow}|)$ space. 

In the case of Kripke structures, it seems possible to derive a version of the algorithm 
which still works in $O(|P_{sim}|^2.|{\rightarrow}|)$ time but uses only $O(|P_{sim}|^2 + |Q|.\log|P_{sim}|)$ space. 
The idea is to not use the option to scan the states of a block in linear time. The split 
operation is thus now done in time and so on. This is just a bit tedious to do. 

Moreover, in practical cases, the problem is not the $O(|{\rightarrow}|.\log|{\rightarrow}|)$ part of our space 
complexity but the $O(|P_{sim}|^2)$ part. 

6 Data structures 

In what follows, we use different kinds of data: simple objects, arrays and lists of objects. 
The size of the pointers has an importance for bit space complexity. It should be enough 
to differentiate all the considered objects and thus $O(|{\rightarrow}|)$ for normalized LTS. We call 
a resizable array an array which doubles its size when needed. Therefore, adding a new 
item in this kind of array is done in constant amortized time. 

First, we have to set $t.\mathrm{sl}$ for each transition $t \in {\rightarrow}$, $q_a.\mathrm{state}$ and $q_a.\mathrm{post}$ for each 
state-letter $q_a$. To do that we create a new array of transitions, Post, as the result of sorting 
the set of transitions with the labels as keys, then with the source states as keys. We use 
counting sorts. This means that the two sorts are done in $O(|{\rightarrow}|)$ time since $|Q|$ and $|\Sigma|$ 
are in $O(|{\rightarrow}|)$. Counting sorts are stable. As a result, in Post, transitions are packed by 
source states and within a pack of transitions sharing the same source state, there are the 
sub-packs of transitions sharing the same label. Then, we scan the elements of Post from 
the first one to the last one. For each transition $t = q \xrightarrow{a} q'$, we consider the couple $(q, a)$ 
and whenever it changes we create a new state-letter $q_a$ and we set $t.\mathrm{sl} = q_a$. Then, we 
set $q_a.\mathrm{state} = q$ and $q_a.\mathrm{range} = (idx_{start}, idx_{end})$ with $idx_{start}$ the index in Post of the first 
transition from $q$ and labelled by $a$, and $idx_{end}$ the index in Post of the last transition 
from $q$ labelled by $a$. Thanks to the two sorts, ($q_a.\mathrm{range}$, Post) provides an encoding of 
$q_a.\mathrm{post}$. To represent $q'.\mathrm{pre}$, we just create a new array of transitions, Pre, as the result 
of sorting, by a counting sort, the set of transitions with destination states as keys. Then, 
by scanning this array, we associate to each state $q'$ the couple $q'.\mathrm{range} = (idx_{start}, idx_{end})$ 
with $idx_{start}$ the index of the first transition in Pre having $q'$ as destination state and 
$idx_{end}$ the index of the last transition in Pre having $q'$ as destination state. Therefore, 
($q'.\mathrm{range}$, Pre) provides an encoding of $q'.\mathrm{pre}$. All of this is done in $O(|{\rightarrow}|)$ time and uses 
$O(|{\rightarrow}|.\log|{\rightarrow}|)$ space. 
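
The construction just described, as an added Python example (not code from the paper): two stable counting sorts build Post, one scan creates the state-letters with their ranges, and a third sort builds Pre. The sample transitions, the use of transition ids as array elements, the dictionary layout and the function names are assumptions of the example.

```python
# Constructed sample LTS (not from the paper): 4 states, 2 letters.
# A transition is (source index, label index, destination index), as in a normalized encoding.
TRANSITIONS = [(2, 1, 0), (0, 0, 1), (0, 1, 2), (0, 0, 2), (1, 0, 3), (2, 0, 3), (0, 1, 3)]
N_STATES, N_LETTERS = 4, 2


def counting_sort(ids, key, n_keys):
    """Stable counting sort of transition ids on an integer key in range(n_keys)."""
    first = [0] * (n_keys + 1)
    for t in ids:
        first[key(t) + 1] += 1
    for k in range(n_keys):
        first[k + 1] += first[k]           # first[k] = slot of the first id with key k
    out = [None] * len(ids)
    for t in ids:                          # left-to-right placement keeps the sort stable
        out[first[key(t)]] = t
        first[key(t)] += 1
    return out


def build_encoding(transitions, n_states, n_letters):
    """Build Post, the state-letters with their ranges, t.sl, Pre and q'.range."""
    def src(t): return transitions[t][0]
    def lab(t): return transitions[t][1]
    def dst(t): return transitions[t][2]

    ids = list(range(len(transitions)))
    # Sort on labels first, then on source states: packs by source, sub-packs by label.
    post = counting_sort(counting_sort(ids, lab, n_letters), src, n_states)

    state_letters = []                     # q_a stored as [state, letter, idx_start, idx_end]
    sl = [None] * len(transitions)         # t.sl, indexed by transition id
    for i, t in enumerate(post):
        if not state_letters or state_letters[-1][:2] != [src(t), lab(t)]:
            state_letters.append([src(t), lab(t), i, i])   # the couple (q, a) changed
        state_letters[-1][3] = i
        sl[t] = len(state_letters) - 1

    pre = counting_sort(ids, dst, n_states)
    pre_range = [None] * n_states          # q'.range, None when q' has no incoming transition
    for i, t in enumerate(pre):
        start = pre_range[dst(t)][0] if pre_range[dst(t)] else i
        pre_range[dst(t)] = (start, i)
    return {"post": post, "state_letters": state_letters, "sl": sl,
            "pre": pre, "pre_range": pre_range}


def branching_factor(enc):
    """State-letter branching factor b: the largest q_a.post."""
    return max(end - start + 1 for _, _, start, end in enc["state_letters"])


ENC = build_encoding(TRANSITIONS, N_STATES, N_LETTERS)
```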
We do not encode the content of a block of $P$ by a doubly-linked list of states like the 
other papers because we need a certain stability property. The problem is the following: 
let $C$ be a block, we want to be able to add the content of another block $D$ in C.NotRel 
in constant time, without scanning the content of $D$. We also want the encoding of 
C.NotRel to be in $O(|P_{sim}|.\log|P_{sim}|)$ space. A first idea is to store in C.NotRel only the 
reference of $D$. But a problem arises when $D$ is split in $D_1$ and $D_2$: we have to update 
all the C.NotRel and replace $D$ by $D_1$ and $D_2$; this implies an overall time complexity 
of $O(|P_{sim}|^3)$ since there may be $|P_{sim}|$ splits. But $O(|P_{sim}|^3)$ is too much for the time 
efficient version of our algorithm. A solution is to use a kind of family tree. A block of 
$P$ is a leaf of the tree and is linked to the set of its states. When a block is split, it 
becomes an internal node of the tree and is no more directly linked to the set of its states 
but to its two son blocks (which are both linked to their respective set of states). This 
solution satisfies all the requirements since in a binary tree the number of nodes is at most 
two times the number of leaves. 

However, here is a more efficient solution. The set of states $Q$ is copied in a new array
$Q_p$ such that the set of states of a block $B \in P$ is arranged in consecutive slots of this
array $Q_p$. Therefore, to memorize the content of $B$, we just have to memorize $B$.start,
the starting position, and $B$.end, the ending position, of the corresponding subarray in $Q_p$.
When a block $B$ is split in two sub-blocks $B_1$ and $B_2$, we just arrange the content of the
subarray of $B$ in $Q_p$ such that the first slots are for $B_1$ and the last slots are for $B_2$. This
way, even after several splits, the set of states which once corresponded to a block of $P$
will always be in the same subarray, even if the order of the states is modified. Note that
to do the rearrangement, during a split, of the states of $B$ in $Q_p$ we need to memorize for
a given state $r \in Q$ its position, $r$.posQp, in $Q_p$. See function SplitImplementation.

For a given $C \in P$, $C$.NotRel may thus be encoded as a set of couples $(x, y)$, which
once corresponded to blocks of $P$, such that $x$ is the start of a subarray in $Q_p$ and $y$ is the
end of that subarray. Due to the fact that $B$.NotRel $\cap$ ($\cup B$.Rel) $= \emptyset$ and when the content
of a block is added in $B$.NotRel the block is removed from $B$.Rel, all the blocks encoded in
$C$.NotRel are different. Therefore, $|C$.NotRel$|$ is in $O(|P_{sim}|)$ and thus the encoding of all
the NotRel's is done in $O(|P_{sim}|^2.\log(|Q|))$ space. The factor $\log(|Q|)$ is due to the fact that
in a couple $(x, y)$, the maximum value for $x$ and $y$ is $|Q|$. However, we want the encoding
of all the NotRel's to be in $O(|P_{sim}|^2.\log(|P_{sim}|))$. To do that, remember the family tree
mentioned above. The number of past and current blocks of $P$ is in $O(|P_{sim}|)$. Therefore,
we introduce $N$, a set of nodes. During the initialization, we associate $B$.node $\in N$,
a node, to each block $B \in P$. The starting and ending positions in $Q_p$ corresponding
to a block $B$ are not directly stored in $B$ but in $B$.node via $B$.node.start and $B$.node.end.
Therefore, when we want to add the content of a block $D$ in $C$.NotRel, in fact we add
$D$.node in $C$.NotRel. Since $|N|$ is in $O(|P_{sim}|)$, the encoding of all the NotRel's is done
in $O(|P_{sim}|^2.\log(|P_{sim}|))$ space. Note that the encoding of all the nodes in $N$ is done in
$O(|P_{sim}|.\log(|Q|))$ space, the $O(\log(|Q|))$ factor being for the couple ($n$.start, $n$.end) for
each $n \in N$. The set $N$ and the NotRel's are encoded by resizable arrays.

For a given $B \in P$, the set $B$.Rel is encoded by a resizable boolean array. To know
whether a block $C$ belongs to $B$.Rel we check $B$.Rel[$C$.index] with $C$.index the index of $C$
in the array encoding $P$. The encoding of all Rel's is therefore done in $O(|P_{sim}|^2)$ space.

A given block $B \in P$ is encoded in $O(\log(|{\to}|))$ space since we just need a constant
number of integers, less than $|{\to}|$, or pointers for $B$.index, $B$.node, $B$.NotRel, $B$.Rel,
$B$.splitCount (see function SplitImplementation) and $B$.RelCount (for the time efficient
version). Thanks to $Q_p$, $B$.node.start and $B$.node.end, scanning of the states contained in
a block $B \in P$ is done in linear time. The set $P$ is encoded as a resizable array of blocks.
Therefore, the encoding of $P$ is done in $O(|P_{sim}|.\log(|{\to}|))$ space and the encoding of the
contents of the blocks of $P$ is done in $O(|Q|.\log(|Q|))$.

The set $S$ is encoded as a list of blocks (we could have used a resizable array) but we
also need to add a boolean mark to the blocks of $P$ to know whether a given block is
already in $S$. That way, we keep the encoding of $S$ in $O(|P_{sim}|.\log(|{\to}|))$ space.

The sets alph, SplitCouples and Touched are implemented like $S$: a list and a binary
mark on the respective elements. To reset one of these sets, we simply scan the list of
elements; for each of them we unset the corresponding mark, then we empty the list. All
of this is done in linear time. The maximum size for alph is $|\Sigma|$; for SplitCouples and
Touched it is $|P_{sim}|$. Therefore, they are all encoded in $O(|{\to}|.\log(|{\to}|))$ space.

To represent a set $a$.PreB or $a$.Remove with $a \in \Sigma$ we should not use a list of states
and a binary array indexed on $|Q|$. This would have implied a total size of $|\Sigma|.|Q|$ for all
the letters, which may exceed $|{\to}|$. Instead, we use a list of elements of $sl(\to)$ per letter
and only one common (for all the letters) binary array indexed on $sl(\to)$. We also use
the fact that for a given $a \in \Sigma$ a state cannot belong to both $a$.PreB and $a$.Remove in
an iteration of the while loop of Sim. When we need to add a state $r$ in $a$.Remove, for
example, it is from a transition $r \xrightarrow{a} r'$ issued from a call of $r'$.pre. This call provides $r_a$
too. Then, we add $r_a$ in the list of $a$.Remove and we set the mark associated with $r_a$, only if
this mark is not already set. Cleaning of $a$.Remove is done like cleaning of alph (scanning
the elements and unsetting the associated marks). Note that we store $r_a$ instead of $r$ in
$a$.Remove, but this is not a problem since $r_a$.state gives us $r$. The encoding of all $a$.PreB
and $a$.Remove is done in $O(|sl(\to)|.\log|{\to}|)$ space and thus in $O(|{\to}|.\log|{\to}|)$ space.

As denoted by the name, function SplitImplementation is an implementation of
function Split taking into account the new way of encoding the partition. Clearly, a call
of SplitImplementation($Remove$, $P$) is done in $O(|Remove|)$ time.

7 Future Works 

In order to simplify the presentation, no practical optimization has been proposed. This
will be done in a future work with the implementation of the algorithms. For the moment
we just recall an easy theoretical optimization: the coarsest bisimulation relation should
be computed before, and used by the algorithms computing the coarsest simulation relation.
This reduces $sl(\to)$, which is really important for the space complexity of the time
efficient version of the algorithm, and also reduces the transition relation, which has a
positive impact on the time complexity of all the versions of the algorithm.

Concerning the search of the coarsest bisimulation relation in a LTS, the framework
presented in the present paper can be adapted. We have recently learned that an algorithm
avoiding the effect of the size of the alphabet in the time and space complexities
of the bisimulation problem has already been presented by Valmari [10] in 2009. The
approach of Valmari is different. His splitters (roughly speaking, they play the same role as
our refiners but are adapted for the bisimulation problem) depend conceptually on letters
but he uses two partitions of the set of transitions, beside the classical one for the states,
to avoid the negative effect of the size of the alphabet. At first glance, an adaptation of
our present work in the case of bisimulation yields a simpler algorithm than the one of
Valmari and, furthermore, closer to the one of Paige and Tarjan for Kripke structures [S].
This will be made precise in a future paper.

Function SplitImplementation(Remove, P)

    SplitCouples := ∅; Touched := ∅; BlocksInRemove := ∅;
    // Assert: ∀C ∈ P . C.splitCount = 0
    // When a block is created, all its counters are set to 0.
    forall r ∈ Remove do
        C := r.block;
        Touched := Touched ∪ {C};
        oldpos := r.posQp; newpos := C.node.start + C.splitCount;
        r' := Q_p[newpos];
        Q_p[newpos] := r; Q_p[oldpos] := r';
        r.posQp := newpos; r'.posQp := oldpos;
        C.splitCount := C.splitCount + 1;
    forall C ∈ Touched do
        if C.splitCount = |C| then
            BlocksInRemove := BlocksInRemove ∪ {C};
        else // C must be split
            D := newBlock(); P := P ∪ {D};
            D.node := newNode(); N := N ∪ {D.node};
            BlocksInRemove := BlocksInRemove ∪ {D};
            D.node.start := C.node.start;
            D.node.end := C.node.start + C.splitCount − 1;
            C.node.start := D.node.end + 1;
            D.Rel := copy(C.Rel);
            D.NotRel := copy(C.NotRel);
            SplitCouples := SplitCouples ∪ {(C, D)};
            forall pos ∈ {D.node.start, ..., D.node.end} do Q_p[pos].block := D;
        C.splitCount := 0;
    forall (C, D) ∈ SplitCouples, E ∈ P do
        if C ∈ E.Rel then
            E.Rel := E.Rel ∪ {D};
    return (P, BlocksInRemove, SplitCouples)
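
The rearrangement of $Q_p$ performed by function SplitImplementation, as an added Python example that is not the paper's own code. The names Partition, Block, states and split are hypothetical, the node's start and end are stored directly on the block, and Rel and NotRel are not modelled; the sample states are constructed.

```python
class Block:
    def __init__(self, start, end):
        self.start, self.end = start, end  # plays the role of B.node.start / B.node.end
        self.split_count = 0               # B.splitCount, always 0 between calls

class Partition:
    def __init__(self, groups):
        self.qp, self.pos, self.block, self.blocks = [], {}, {}, []  # Q_p, r.posQp, r.block, P
        for group in groups:               # each block gets consecutive slots of Q_p
            b = Block(len(self.qp), len(self.qp) + len(group) - 1)
            self.blocks.append(b)
            for r in group:
                self.pos[r], self.block[r] = len(self.qp), b
                self.qp.append(r)

    def states(self, start, end):
        """States stored in the subarray Q_p[start..end], i.e. a couple (x, y)."""
        return set(self.qp[start:end + 1])

    def split(self, remove):
        """Split the blocks touched by `remove`; returns (BlocksInRemove, SplitCouples)."""
        touched, in_remove, couples = [], [], []
        for r in dict.fromkeys(remove):    # Remove is a set: duplicates are ignored
            c = self.block[r]
            if c.split_count == 0:         # first state of C seen in this call
                touched.append(c)
            old, new = self.pos[r], c.start + c.split_count
            other = self.qp[new]           # swap r into the front part of C's subarray
            self.qp[new], self.qp[old] = r, other
            self.pos[r], self.pos[other] = new, old
            c.split_count += 1
        for c in touched:
            if c.split_count == c.end - c.start + 1:
                in_remove.append(c)        # C lies entirely inside Remove: no split
            else:
                d = Block(c.start, c.start + c.split_count - 1)
                self.blocks.append(d)
                c.start = d.end + 1        # C keeps the states outside Remove
                for p in range(d.start, d.end + 1):
                    self.block[self.qp[p]] = d
                in_remove.append(d)
                couples.append((c, d))
            c.split_count = 0
        return in_remove, couples

if __name__ == "__main__":
    part = Partition([["q0", "q1", "q2", "q3", "q4"], ["q5", "q6"]])  # constructed sample
    x, y = part.blocks[0].start, part.blocks[0].end   # couple (x, y) recorded before any split
    part.split(["q3", "q1"]); part.split(["q0", "q5", "q6"])
    print(part.qp, part.states(x, y))
```

After both splits the couple (x, y) recorded for the original block still delimits exactly its five states, although their order inside the subarray has changed.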